Merge "Add integ/config for Trixie"

Zuul
2025-11-27 21:08:33 +00:00
committed by Gerrit Code Review
248 changed files with 7988 additions and 0 deletions


@@ -0,0 +1,11 @@
---
debname: facter
debver: 3.14.12-1
dl_path:
name: facter-3.14.12-1.tar.gz
url: https://salsa.debian.org/puppet-team/facter/-/archive/debian/3.14.12-1/facter-debian-3.14.12-1.tar.gz
md5sum: 2394099bd9d6c63eaa1fb5fda5e79fca
sha256sum: 7e3160b584bfaa2863643ee23aa84abdec9dcea292701623cf750d23df0e53f8
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true


@@ -0,0 +1,178 @@
From 2bd09160543d0e170d0ade2f695691a03aa3d5fa Mon Sep 17 00:00:00 2001
From: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Date: Tue, 14 Sep 2021 16:33:23 +0000
Subject: [PATCH] Add personality and subfunction
Adapt 0002-personality.patch from CentOS.
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
---
lib/CMakeLists.txt | 9 ++++++
lib/facter/personality.rb | 21 +++++++++++++
lib/facter/subfunction.rb | 61 ++++++++++++++++++++++++++++++++++++
lib/facter/util/file_read.rb | 37 ++++++++++++++++++++++
4 files changed, 128 insertions(+)
create mode 100644 lib/facter/personality.rb
create mode 100644 lib/facter/subfunction.rb
create mode 100644 lib/facter/util/file_read.rb
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index 8dd7063..f7d336a 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -435,6 +435,15 @@ if(RUBY_VENDORDIR)
message(STATUS "\"make install\" will install facter.rb to ${RUBY_VENDORDIR}")
install(FILES ${CMAKE_BINARY_DIR}/lib/facter.rb DESTINATION ${RUBY_VENDORDIR})
+ message(STATUS "\"make install\" will install facter/personality.rb to ${RUBY_VENDORDIR}/facter")
+ install(FILES facter/personality.rb DESTINATION ${RUBY_VENDORDIR}/facter)
+
+ message(STATUS "\"make install\" will install facter/subfunction.rb to ${RUBY_VENDORDIR}/facter")
+ install(FILES facter/subfunction.rb DESTINATION ${RUBY_VENDORDIR}/facter)
+
+ message(STATUS "\"make install\" will install facter/util/file_read.rb to ${RUBY_VENDORDIR}/facter/util")
+ install(FILES facter/util/file_read.rb DESTINATION ${RUBY_VENDORDIR}/facter/util)
+
if (JRUBY_SUPPORT)
message(STATUS "\"make install\" will install facter.jar to ${RUBY_VENDORDIR} to support JRuby")
install(FILES ${CMAKE_BINARY_DIR}/lib/facter.jar DESTINATION ${RUBY_VENDORDIR})
diff --git a/lib/facter/personality.rb b/lib/facter/personality.rb
new file mode 100644
index 0000000..0a4e8cf
--- /dev/null
+++ b/lib/facter/personality.rb
@@ -0,0 +1,21 @@
+#
+# personality.rb
+#
+# This fact gives the personality of this node.
+#
+require 'facter/util/file_read'
+
+Facter.add('personality') do
+ confine :kernel => :linux
+
+ setcode do
+ if release = Facter::Util::FileRead.read('/etc/platform/platform.conf')
+ if match = release.match(/^nodetype\=(.*)/)
+ match[1]
+ end
+ end
+ end
+end
+
+# vim: set ts=2 sw=2 et :
+# encoding: utf-8
diff --git a/lib/facter/subfunction.rb b/lib/facter/subfunction.rb
new file mode 100644
index 0000000..589bcb3
--- /dev/null
+++ b/lib/facter/subfunction.rb
@@ -0,0 +1,61 @@
+#
+# subfunction.rb
+#
+# This fact gives the subfunction of this node.
+#
+require 'facter/util/file_read'
+
+Facter.add('subfunction') do
+ confine :kernel => :linux
+
+ setcode do
+ if release = Facter::Util::FileRead.read('/etc/platform/platform.conf')
+ if match = release.match(/^subfunction\=(.*)/)
+ match[1]
+ end
+ end
+ end
+end
+
+Facter.add('is_worker_subfunction') do
+ confine :kernel => :linux
+
+ setcode do
+ if release = Facter::Util::FileRead.read('/etc/platform/platform.conf')
+ match = release.match(/^subfunction\=.*worker/) ? true : false
+ end
+ end
+end
+
+Facter.add('is_controller_subfunction') do
+ confine :kernel => :linux
+
+ setcode do
+ if release = Facter::Util::FileRead.read('/etc/platform/platform.conf')
+ match = release.match(/^subfunction\=.*controller/) ? true : false
+ end
+ end
+end
+
+Facter.add('is_storage_subfunction') do
+ confine :kernel => :linux
+
+ setcode do
+ if release = Facter::Util::FileRead.read('/etc/platform/platform.conf')
+ match = release.match(/^subfunction\=.*storage/) ? true : false
+ end
+ end
+end
+
+Facter.add('is_lowlatency_subfunction') do
+ confine :kernel => :linux
+
+ setcode do
+ if release = Facter::Util::FileRead.read('/etc/platform/platform.conf')
+ match = release.match(/^subfunction\=.*lowlatency/) ? true : false
+ end
+ end
+end
+
+# vim: set ts=2 sw=2 et :
+# encoding: utf-8
diff --git a/lib/facter/util/file_read.rb b/lib/facter/util/file_read.rb
new file mode 100644
index 0000000..c92185a
--- /dev/null
+++ b/lib/facter/util/file_read.rb
@@ -0,0 +1,37 @@
+module Facter
+module Util
+
+# {Facter::Util::FileRead} is a utility module intended to provide easily
+# mockable methods that delegate to simple file read methods. The intent is to
+# avoid the need to execute the `cat` system command or `File.read` directly in
+# Ruby, as mocking these behaviors can have wide-ranging effects.
+#
+# All Facter facts are encouraged to use this method instead of File.read or
+# Facter::Core::Execution.exec('cat ...')
+#
+# @api public
+module FileRead
+ # read returns the raw content of a file as a string. If the file does not
+ # exist, or the process does not have permission to read the file then nil is
+ # returned.
+ #
+ # @api public
+ #
+ # @param path [String] the path to be read
+ #
+ # @return [String, nil] the raw contents of the file or `nil` if the
+ # file cannot be read because it does not exist or the process does not have
+ # permission to read the file.
+ def self.read(path)
+ File.read(path)
+ rescue Errno::ENOENT, Errno::EACCES => detail
+ Facter.debug "Could not read #{path}: #{detail.message}"
+ nil
+ end
+
+ def self.read_binary(path)
+ File.open(path, "rb") { |contents| contents.read }
+ end
+end
+end
+end
--
2.25.1
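Review bot: The four `is_*_subfunction` facts in lib/facter/subfunction.rb match by substring, so `/^subfunction\=.*worker/` is true for any `subfunction=` line that merely contains the text `worker`, and the result decides which role a node reports. If the value is a comma-separated list (the format is not shown here, so confirm it against platform.conf), match whole tokens instead, e.g. `/^subfunction=(?:.*,)?worker(?:,|\s*$)/`, and drop the unused `match =` assignment. `FileRead.read_binary` in lib/facter/util/file_read.rb has no rescue and no doc comment, unlike `read`, so a missing or unreadable file raises there instead of returning nil.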


@@ -0,0 +1 @@
0001-Add-personality-and-subfunction.patch


@@ -0,0 +1,5 @@
puppet-module-ceph (2.4.1-1) unstable; urgency=medium
* Initial release.
-- Dan Voiculeasa <dan.voiculeasa@windriver.com> Thu, 10 Mar 202 15:50:00 +0200


@@ -0,0 +1,30 @@
Source: puppet-module-ceph
Section: admin
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends:
debhelper-compat (= 11),
openstack-pkg-tools,
python3-all,
python3-pbr,
python3-setuptools,
Standards-Version: 4.4.1
Homepage: https://www.starlingx.io
Package: puppet-module-ceph
Architecture: all
Depends: ${misc:Depends},
puppet,
puppet-module-duritong-sysctl,
puppet-module-puppetlabs-apache,
puppet-module-puppetlabs-concat,
puppet-module-puppetlabs-inifile,
puppet-module-puppetlabs-stdlib,
Description: Puppet module for Ceph
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.
.
This module manages both the installation and configuration of the Ceph
distributed storage system.


@@ -0,0 +1,39 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: puppet-ceph
Source: https://github.com/openstack/puppet-ceph
Files: *
Copyright: (c) 2006-2008, Junio C Hamano
(c) 2013-2014, Cloudwatt <libre.licensing@cloudwatt.com>
(c) 2013-2015, iWeb Technologies Inc.
(c) 2013-2015, Red Hat, Inc.
(c) 2013-2016, Mirantis Inc.
(c) 2013, Dan Bode <bodepd@gmail.com>
(c) 2013, Hewlett-Packard Development Company, L.P.
(c) 2014, Catalyst IT Limited.
(c) 2014, Nine Internet Solutions AG
(c) 2015, David Gurtner
(c) 2016, Keith Schincke
(c) 2016, Puppet OpenStack Developers
(c) 2017, VEXXHOST, Inc.
License: Apache-2.0
Files: debian/*
Copyright: (c) 2022, Dan Voiculeasa <dan.voiculeasa@windriver.com>
License: Apache-2.0
License: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in /usr/share/common-licenses/Apache-2.0.


@@ -0,0 +1,4 @@
lib usr/share/puppet/modules.available/puppet-ceph
manifests usr/share/puppet/modules.available/puppet-ceph
metadata.json usr/share/puppet/modules.available/puppet-ceph
spec usr/share/puppet/modules.available/puppet-ceph


@@ -0,0 +1,12 @@
#!/bin/sh
set -e
if [ "${1}" = "configure" ] ; then
update-alternatives --install /usr/share/puppet/modules/ceph puppet-module-ceph \
/usr/share/puppet/modules.available/puppet-ceph 500
fi
#DEBHELPER#
exit 0


@@ -0,0 +1,11 @@
#!/bin/sh
set -e
if [ "${1}" = "remove" ] || [ "${1}" = "disappear" ]; then
update-alternatives --remove puppet-module-ceph /usr/share/puppet/modules.available/puppet-ceph
fi
#DEBHELPER#
exit 0


@@ -0,0 +1,11 @@
#!/bin/sh
set -e
if [ "${1}" = "remove" ] || [ "${1}" = "upgrade" || [ "${1}" = "deconfigure" ]; then
update-alternatives --remove puppet-module-ceph /usr/share/puppet/modules.available/puppet-ceph
fi
#DEBHELPER#
exit 0
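Review bot: The second test in the condition is missing its closing bracket (`[ "${1}" = "upgrade" ||`), so `[` fails with a missing-`]` error whenever it is reached and the `upgrade` case never removes the alternative. Because the failure happens inside an `if` condition, `set -e` does not stop the script and the problem only shows up as noise on stderr. The line should read `if [ "${1}" = "remove" ] || [ "${1}" = "upgrade" ] || [ "${1}" = "deconfigure" ]; then`.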


@@ -0,0 +1,11 @@
#!/usr/bin/make -f
#export DH_VERBOSE = 1
%:
dh $@
override_dh_auto_clean:
override_dh_auto_install:
override_dh_auto_build:


@@ -0,0 +1,12 @@
---
debver: 2.4.1-1
debname: puppet-module-ceph
dl_path:
name: puppet-module-ceph-debian-2.4.1-1.tar.gz
url: https://salsa.debian.org/openstack-team/puppet/puppet-module-ceph/-/archive/2.4.1/puppet-module-ceph-2.4.1.tar.gz
md5sum: b603337d6862327c241526ae3e5dfda8
sha256sum: 168fdec8b38e755e3c37e790cab5473d077d9b1294da40ea3ab411a391e7e34b
revision:
dist: $STX_DIST
GITREVCOUNT:
BASE_SRCREV: bac46cc0e0dcd74ef8316df1615411491cc0d879


@@ -0,0 +1,148 @@
From ff98c42f0e6ce22969e986933d0a60d73a281a1d Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Tue, 10 Jan 2017 13:31:17 -0500
Subject: [PATCH 1/5] Roll up TIS patches
---
manifests/mon.pp | 14 +++++++++++---
manifests/osd.pp | 38 +++++++++++++++++++-------------------
manifests/rgw.pp | 7 +++++++
3 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/manifests/mon.pp b/manifests/mon.pp
index bc0298c..fa99df5 100644
--- a/manifests/mon.pp
+++ b/manifests/mon.pp
@@ -65,6 +65,8 @@ define ceph::mon (
$authentication_type = 'cephx',
$key = undef,
$keyring = undef,
+ $fsid = undef,
+ $service_ensure = 'running',
$exec_timeout = $::ceph::params::exec_timeout,
) {
@@ -154,6 +156,10 @@ test -e \$mon_data/done
}
}
+ if $fsid {
+ $fsid_option = "--fsid ${fsid}"
+ }
+
Ceph_config<||>
# prevent automatic creation of the client.admin key by ceph-create-keys
-> exec { "ceph-mon-${cluster_name}.client.admin.keyring-${id}":
@@ -176,7 +182,8 @@ if [ ! -d \$mon_data ] ; then
--setuser ceph --setgroup ceph \
--mkfs \
--id ${id} \
- --keyring ${keyring_path} ; then
+ --keyring ${keyring_path} \
+ ${fsid_option} ; then
touch \$mon_data/done \$mon_data/${init} \$mon_data/keyring
chown -h ceph:ceph \$mon_data/done \$mon_data/${init} \$mon_data/keyring
else
@@ -186,7 +193,8 @@ if [ ! -d \$mon_data ] ; then
if ceph-mon ${cluster_option} \
--mkfs \
--id ${id} \
- --keyring ${keyring_path} ; then
+ --keyring ${keyring_path} \
+ ${fsid_option} ; then
touch \$mon_data/done \$mon_data/${init} \$mon_data/keyring
else
rm -fr \$mon_data
@@ -203,7 +211,7 @@ test -d \$mon_data
timeout => $exec_timeout,
}
-> service { $mon_service:
- ensure => running,
+ ensure => $service_ensure,
}
# if the service is running before we setup the configs, notify service
diff --git a/manifests/osd.pp b/manifests/osd.pp
index d24b95e..9b8cd99 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -52,6 +52,8 @@ define ceph::osd (
$ensure = present,
$journal = "''",
$cluster = undef,
+ $cluster_uuid = undef,
+ $uuid = undef,
$exec_timeout = $::ceph::params::exec_timeout,
$selinux_file_context = 'ceph_var_lib_t',
$fsid = $::ceph::profile::params::fsid,
@@ -68,6 +70,14 @@ define ceph::osd (
}
$cluster_option = "--cluster ${cluster_name}"
+ if $cluster_uuid {
+ $cluster_uuid_option = "--cluster-uuid ${cluster_uuid}"
+ }
+
+ if $uuid {
+ $uuid_option = "--osd-uuid ${uuid}"
+ }
+
if $ensure == present {
$ceph_check_udev = "ceph-osd-check-udev-${name}"
@@ -120,25 +130,15 @@ test -z $(ceph-disk list $(readlink -f ${data}) | egrep -o '[0-9a-f]{8}-([0-9a-f
Exec[$ceph_check_udev] -> Exec[$ceph_prepare]
# ceph-disk: prepare should be idempotent http://tracker.ceph.com/issues/7475
exec { $ceph_prepare:
- command => "/bin/true # comment to satisfy puppet syntax requirements
-set -ex
-disk=$(readlink -f ${data})
-if ! test -b \$disk ; then
- echo \$disk | egrep -e '^/dev' -q -v
- mkdir -p \$disk
- if getent passwd ceph >/dev/null 2>&1; then
- chown -h ceph:ceph \$disk
- fi
-fi
-ceph-disk prepare ${cluster_option} ${fsid_option} $(readlink -f ${data}) $(readlink -f ${journal})
-udevadm settle
-",
- unless => "/bin/true # comment to satisfy puppet syntax requirements
-set -ex
-disk=$(readlink -f ${data})
-ceph-disk list | egrep \" *(\${disk}1?|\${disk}p1?) .*ceph data, (prepared|active)\" ||
-{ test -f \$disk/fsid && test -f \$disk/ceph_fsid && test -f \$disk/magic ;}
-",
+
+ command => "/usr/sbin/ceph-disk prepare ${cluster_option} ${cluster_uuid_option} ${uuid_option} --fs-type xfs --zap-disk ${data} ${journal}",
+ # We don't want to erase the disk if:
+ # 1. There is already ceph data on the disk for our cluster AND
+ # 2. The uuid for the OSD we are configuring matches the uuid for the
+ # OSD on the disk. We don't want to attempt to re-use an OSD that
+ # had previously been deleted.
+ unless => "/usr/sbin/ceph-disk list | grep -v 'unknown cluster' | grep ' *${data}.*ceph data' | grep 'osd uuid ${uuid}'",
+
logoutput => true,
timeout => $exec_timeout,
tag => 'prepare',
diff --git a/manifests/rgw.pp b/manifests/rgw.pp
index 2612785..ebc83ce 100644
--- a/manifests/rgw.pp
+++ b/manifests/rgw.pp
@@ -185,6 +185,13 @@ define ceph::rgw (
provider => $::ceph::params::service_provider,
}
# Everything else that is supported by puppet-ceph should run systemd.
+ } elsif $::service_provider == 'systemd' {
+ Service {
+ name => "radosgw-${name}",
+ start => "systemctl start ceph-radosgw",
+ stop => "systemctl stop ceph-radosgw",
+ status => "systemctl status ceph-radosgw",
+ }
} else {
Service {
name => "ceph-radosgw@${name}",
--
2.7.4
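Review bot: `$fsid_option` in manifests/mon.pp is assigned only inside `if $fsid { … }` but is interpolated unconditionally into both `ceph-mon --mkfs` commands, so with the default `$fsid = undef` the catalog references an unset variable (a compile error under `strict_variables`, an empty string otherwise). The same applies to `$cluster_uuid_option` and `$uuid_option` in manifests/osd.pp, which feed the `ceph-disk prepare … --zap-disk` command. Give each an explicit empty default, e.g. `} else { $fsid_option = '' }`. The new `unless` guard also ends in `grep 'osd uuid ${uuid}'`, which with an unset `$uuid` matches any OSD on the disk; a short comment saying whether that is intended would help, since this guard is what protects an existing disk from `--zap-disk`.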


@@ -0,0 +1,47 @@
From 570520c5197dd36c3e4a7956d5916426fb75856a Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Tue, 7 Feb 2017 15:49:02 -0500
Subject: [PATCH] Newton rebase fixes
---
manifests/mon.pp | 9 ++++++---
manifests/osd.pp | 2 +-
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/manifests/mon.pp b/manifests/mon.pp
index fa99df5..b3458d6 100644
--- a/manifests/mon.pp
+++ b/manifests/mon.pp
@@ -99,10 +99,13 @@ define ceph::mon (
}
# Everything else that is supported by puppet-ceph should run systemd.
} else {
- $init = 'systemd'
+ $init = 'sysvinit'
Service {
- name => "ceph-mon@${id}",
- enable => $mon_enable,
+ name => "ceph-mon-${id}",
+ provider => $::ceph::params::service_provider,
+ start => "service ceph start mon.${id}",
+ stop => "service ceph stop mon.${id}",
+ status => "service ceph status mon.${id}",
}
}
diff --git a/manifests/osd.pp b/manifests/osd.pp
index 9b8cd99..2187361 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -56,7 +56,7 @@ define ceph::osd (
$uuid = undef,
$exec_timeout = $::ceph::params::exec_timeout,
$selinux_file_context = 'ceph_var_lib_t',
- $fsid = $::ceph::profile::params::fsid,
+ $fsid = undef,
) {
include ::ceph::params
--
2.7.4
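Review bot: The context comment `# Everything else that is supported by puppet-ceph should run systemd.` now sits directly above `$init = 'sysvinit'` in manifests/mon.pp and contradicts it. Replace it with a comment that says why this branch uses the `service ceph … mon.${id}` commands, for example `# This branch drives ceph-mon through the sysvinit 'ceph' script rather than systemd units.` The enclosing `if`/`else` starts outside the hunk, so the wording should be checked against the branch condition.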


@@ -0,0 +1,110 @@
From c9a5520620d313c08e7f751f3469ec5f4c220486 Mon Sep 17 00:00:00 2001
From: Daniel Badea <daniel.badea@windriver.com>
Date: Thu, 23 Mar 2017 08:04:31 +0000
Subject: [PATCH] ceph jewel rebase
---
manifests/mon.pp | 1 +
manifests/rgw.pp | 33 +++++++++++++++++++++++++--------
manifests/rgw/keystone.pp | 6 +++---
3 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/manifests/mon.pp b/manifests/mon.pp
index b3458d6..17cb925 100644
--- a/manifests/mon.pp
+++ b/manifests/mon.pp
@@ -106,6 +106,7 @@ define ceph::mon (
start => "service ceph start mon.${id}",
stop => "service ceph stop mon.${id}",
status => "service ceph status mon.${id}",
+ enable => $mon_enable,
}
}
diff --git a/manifests/rgw.pp b/manifests/rgw.pp
index ebc83ce..56fb4a8 100644
--- a/manifests/rgw.pp
+++ b/manifests/rgw.pp
@@ -193,23 +193,40 @@ define ceph::rgw (
status => "systemctl status ceph-radosgw",
}
} else {
+ if $rgw_enable {
+ file { "${rgw_data}/sysvinit":
+ ensure => present,
+ before => Service["radosgw-${name}"],
+ }
+ }
+
Service {
- name => "ceph-radosgw@${name}",
- enable => $rgw_enable,
+ name => "radosgw-${name}",
+ start => 'service radosgw start',
+ stop => 'service radosgw stop',
+ status => 'service radosgw status',
+ provider => $::ceph::params::service_provider,
}
}
- service { $rgw_service:
+ #for RHEL/CentOS7, systemctl needs to reload to pickup the ceph-radosgw init file
+ if (($::operatingsystem == 'RedHat' or $::operatingsystem == 'CentOS') and (versioncmp($::operatingsystemmajrelease, '7') >= 0))
+ {
+ exec { 'systemctl-reload-from-rgw': #needed for the new init file
+ command => '/usr/bin/systemctl daemon-reload',
+ }
+ }
+ service { "radosgw-${name}":
ensure => $rgw_ensure,
- tag => ['ceph-radosgw']
+ tag => ['radosgw']
}
- Ceph_config<||> ~> Service<| tag == 'ceph-radosgw' |>
+ Ceph_config<||> -> Service["radosgw-${name}"]
Package<| tag == 'ceph' |> -> File['/var/lib/ceph/radosgw']
Package<| tag == 'ceph' |> -> File[$log_file]
File['/var/lib/ceph/radosgw']
-> File[$rgw_data]
- -> Service<| tag == 'ceph-radosgw' |>
- File[$log_file] -> Service<| tag == 'ceph-radosgw' |>
- Ceph::Pool<||> -> Service<| tag == 'ceph-radosgw' |>
+ -> Service["radosgw-${name}"]
+ File[$log_file] -> Service["radosgw-${name}"]
+ Ceph::Pool<||> -> Service["radosgw-${name}"]
}
diff --git a/manifests/rgw/keystone.pp b/manifests/rgw/keystone.pp
index 8351177..c371fd0 100644
--- a/manifests/rgw/keystone.pp
+++ b/manifests/rgw/keystone.pp
@@ -148,7 +148,7 @@ define ceph::rgw::keystone (
exec { "${name}-nssdb-ca":
command => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
-wget --no-check-certificate ${rgw_keystone_url}/v2.0/certificates/ca -O - |
+wget --no-check-certificate ${rgw_keystone_url}/${rgw_keystone_version}/certificates/ca -O - |
openssl x509 -pubkey | certutil -A -d ${nss_db_path} -n ca -t \"TCu,Cu,Tuw\"
",
unless => "/bin/true # comment to satisfy puppet syntax requirements
@@ -161,7 +161,7 @@ certutil -d ${nss_db_path} -L | grep ^ca
exec { "${name}-nssdb-signing":
command => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
-wget --no-check-certificate ${rgw_keystone_url}/v2.0/certificates/signing -O - |
+wget --no-check-certificate ${rgw_keystone_url}/${rgw_keystone_version}/certificates/signing -O - |
openssl x509 -pubkey | certutil -A -d ${nss_db_path} -n signing_cert -t \"P,P,P\"
",
unless => "/bin/true # comment to satisfy puppet syntax requirements
@@ -176,7 +176,7 @@ certutil -d ${nss_db_path} -L | grep ^signing_cert
-> File[$nss_db_path]
-> Exec["${name}-nssdb-ca"]
-> Exec["${name}-nssdb-signing"]
- ~> Service<| tag == 'ceph-radosgw' |>
+ ~> Service<| tag == 'radosgw' |>
} else {
ceph_config {
"client.${name}/nss_db_path": ensure => absent;
--
2.7.4
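Review bot: Both `wget --no-check-certificate` lines in manifests/rgw/keystone.pp still fetch the Keystone CA and signing certificates without verifying the TLS peer, and the result is imported into the NSS database as trusted (`-t "TCu,Cu,Tuw"`), so whoever answers that request chooses the trust anchor. Since this patch already edits both lines, drop `--no-check-certificate` and verify against a CA bundle that is distributed out of band, e.g. `wget --ca-certificate=<path-to-provisioned-ca.pem> …`. `${rgw_keystone_version}` is not declared in the visible hunks; confirm the define has that parameter. Separately, `exec { 'systemctl-reload-from-rgw': … }` in manifests/rgw.pp has a fixed title inside a define and no `refreshonly`, so a second `ceph::rgw` instance would redeclare it and it runs on every agent run.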


@@ -0,0 +1,29 @@
From 7a4c325194885dc43fc87f7094873e0067801652 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Thu, 13 Apr 2017 20:31:21 -0500
Subject: [PATCH] US92424: Add OSD support for persistent naming
This allows the manifest to provide udev generated /dev/disk/by-* links
to configure the OSDs without requiring any additional changes. The
'readlink -f' will produce the currently enumerated device node
associated with udev link.
---
manifests/osd.pp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/osd.pp b/manifests/osd.pp
index 2187361..d9cf5b1 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -61,7 +61,7 @@ define ceph::osd (
include ::ceph::params
- $data = $name
+ $data = generate('/bin/bash','-c',"/bin/readlink -f ${name}")
if $cluster {
$cluster_name = $cluster
--
2.7.4
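Review bot: `generate('/bin/bash','-c',"/bin/readlink -f ${name}")` runs while the catalog is compiled rather than when the exec runs on the node, and it places the resource title inside a `bash -c` string without quoting. The returned value also keeps readlink's trailing newline. A later patch in this same series sets `$data = $name` again and moves `readlink -f` into the exec's shell, so this patch and that part of the later one could be dropped together rather than carried as add-then-revert.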


@@ -0,0 +1,68 @@
From 5d8f3dd5d18d611151b4658c5c876e8a3ad8fe51 Mon Sep 17 00:00:00 2001
From: Daniel Badea <daniel.badea@windriver.com>
Date: Wed, 31 Oct 2018 16:28:45 +0000
Subject: [PATCH] ceph-disk prepare invalid data disk value
ceph-disk prepare data OSD parameter contains a new line causing
puppet manifest to fail:
1. $data = generate('/bin/bash','-c',"/bin/readlink -f ${name}")
is expanded together with a new line in:
exec { $ceph_prepare:
command => "/usr/sbin/ceph-disk prepare ${cluster_option}
${cluster_uuid_option} ${uuid_option}
--fs-type xfs --zap-disk ${data} ${journal}"
just before ${journal} is expanded. Puppet reports:
sh: line 1: : command not found
when trying to run '' (default journal value).
2. 'readlink' should be called when running ceph-disk prepare
command, not when the puppet resource is defined. Let
exec's shell call readlink instead of using puppet's
generate() . See also:
https://github.com/openstack/puppet-ceph/commit/ff2b2e689846dd3d980c7c706c591e8cfb8f33a9
Added --verbose and --log-stdout options to log commands executed
by 'ceph-disk prepare' and identify where it fails.
---
manifests/osd.pp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/manifests/osd.pp b/manifests/osd.pp
index d9cf5b1..889d28a 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -61,7 +61,7 @@ define ceph::osd (
include ::ceph::params
- $data = generate('/bin/bash','-c',"/bin/readlink -f ${name}")
+ $data = $name
if $cluster {
$cluster_name = $cluster
@@ -131,13 +131,13 @@ test -z $(ceph-disk list $(readlink -f ${data}) | egrep -o '[0-9a-f]{8}-([0-9a-f
# ceph-disk: prepare should be idempotent http://tracker.ceph.com/issues/7475
exec { $ceph_prepare:
- command => "/usr/sbin/ceph-disk prepare ${cluster_option} ${cluster_uuid_option} ${uuid_option} --fs-type xfs --zap-disk ${data} ${journal}",
+ command => "/usr/sbin/ceph-disk --verbose --log-stdout prepare ${cluster_option} ${cluster_uuid_option} ${uuid_option} --fs-type xfs --zap-disk $(readlink -f ${data}) $(readlink -f ${journal})",
# We don't want to erase the disk if:
# 1. There is already ceph data on the disk for our cluster AND
# 2. The uuid for the OSD we are configuring matches the uuid for the
# OSD on the disk. We don't want to attempt to re-use an OSD that
# had previously been deleted.
- unless => "/usr/sbin/ceph-disk list | grep -v 'unknown cluster' | grep ' *${data}.*ceph data' | grep 'osd uuid ${uuid}'",
+ unless => "/usr/sbin/ceph-disk list | grep -v 'unknown cluster' | grep \" *$(readlink -f ${data}).*ceph data\" | grep 'osd uuid ${uuid}'",
logoutput => true,
timeout => $exec_timeout,
--
2.16.5


@@ -0,0 +1,35 @@
From a364f37cacab78cdaad5ebd23ab24cf400a3fa40 Mon Sep 17 00:00:00 2001
From: Ovidiu Poncea <ovidiu.poncea@windriver.com>
Date: Thu, 20 Dec 2018 07:18:55 -0500
Subject: [PATCH] Add StarlingX specific restart command for Ceph monitors
Since we don't use systemd to manage Ceph and we have pmon monitoring we
have to make sure that:
1. Restarting is properly handled as "systemctl restart" will return error
and manifest will fail;
2. Pmon does not check ceph-mon status during restart. Otherwise we risk
getting into a race condition between the puppet restart and pmon
detecting that ceph is down and trying a restart.
Both are resolved when using /etc/init.d/ceph-init-wrapper restart
Signed-off-by: Ovidiu Poncea <Ovidiu.Poncea@windriver.com>
---
manifests/mon.pp | 1 +
1 file changed, 1 insertion(+)
diff --git a/manifests/mon.pp b/manifests/mon.pp
index 17cb925..62d5059 100644
--- a/manifests/mon.pp
+++ b/manifests/mon.pp
@@ -106,6 +106,7 @@ define ceph::mon (
start => "service ceph start mon.${id}",
stop => "service ceph stop mon.${id}",
status => "service ceph status mon.${id}",
+ restart => "/etc/init.d/ceph-init-wrapper restart mon.${id}",
enable => $mon_enable,
}
}
--
1.8.3.1


@@ -0,0 +1,64 @@
From 4c2e2a196cb5a6890e35098c8499688fc1c26f5c Mon Sep 17 00:00:00 2001
From: Daniel Badea <daniel.badea@windriver.com>
Date: Thu, 4 Apr 2019 16:52:12 +0000
Subject: [PATCH] ceph-mimic-prepare-activate-osd
Prepare and activate disk using filestore
and given OSD id.
---
manifests/osd.pp | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/manifests/osd.pp b/manifests/osd.pp
index 889d28a..c51a445 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -54,6 +54,7 @@ define ceph::osd (
$cluster = undef,
$cluster_uuid = undef,
$uuid = undef,
+ $osdid = undef,
$exec_timeout = $::ceph::params::exec_timeout,
$selinux_file_context = 'ceph_var_lib_t',
$fsid = undef,
@@ -78,6 +79,10 @@ define ceph::osd (
$uuid_option = "--osd-uuid ${uuid}"
}
+ if $osdid {
+ $osdid_option = "--osd-id ${osdid}"
+ }
+
if $ensure == present {
$ceph_check_udev = "ceph-osd-check-udev-${name}"
@@ -131,7 +136,16 @@ test -z $(ceph-disk list $(readlink -f ${data}) | egrep -o '[0-9a-f]{8}-([0-9a-f
# ceph-disk: prepare should be idempotent http://tracker.ceph.com/issues/7475
exec { $ceph_prepare:
- command => "/usr/sbin/ceph-disk --verbose --log-stdout prepare ${cluster_option} ${cluster_uuid_option} ${uuid_option} --fs-type xfs --zap-disk $(readlink -f ${data}) $(readlink -f ${journal})",
+ command => "/bin/true # comment to satisfy puppet syntax requirements
+set -ex
+ceph-disk --verbose --log-stdout prepare --filestore ${cluster_uuid_option} ${uuid_option} ${osdid_option} --fs-type xfs --zap-disk $(readlink -f ${data}) $(readlink -f ${journal})
+mkdir -p /var/lib/ceph/osd/ceph-${osdid}
+ceph auth del osd.${osdid} || true
+mount $(readlink -f ${data})1 /var/lib/ceph/osd/ceph-${osdid}
+ceph-osd --id ${osdid} --mkfs --mkkey --mkjournal
+ceph auth add osd.${osdid} osd 'allow *' mon 'allow rwx' -i /var/lib/ceph/osd/ceph-${osdid}/keyring
+umount /var/lib/ceph/osd/ceph-${osdid}
+",
# We don't want to erase the disk if:
# 1. There is already ceph data on the disk for our cluster AND
# 2. The uuid for the OSD we are configuring matches the uuid for the
@@ -171,7 +185,7 @@ if ! test -b \$disk ; then
fi
# activate happens via udev when using the entire device
if ! test -b \$disk || ! test -b \${disk}1 || ! test -b \${disk}p1 ; then
- ceph-disk activate \$disk || true
+ ceph-disk activate \${disk}1 || true
fi
if test -f ${udev_rules_file}.disabled && ( test -b \${disk}1 || test -b \${disk}p1 ); then
ceph-disk activate \${disk}1 || true
--
1.8.3.1
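Review bot: `$osdid` defaults to `undef`, but the new prepare script uses `${osdid}` unconditionally after `--zap-disk` has already run, so an unset id yields `ceph auth del osd.`, a mount on `/var/lib/ceph/osd/ceph-` and a failing `ceph-osd --id  --mkfs` on a freshly wiped disk. Reject the missing parameter before the exec is declared, inside the `$ensure == present` branch, e.g. `if ! $osdid { fail("ceph::osd[${name}]: osdid is required") }`. The key is also registered with `mon 'allow rwx'`; `mon 'allow profile osd'` is the narrower capability normally given to an OSD and is worth using here unless something depends on the wider grant.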


@@ -0,0 +1,89 @@
From b0dd34d2d580c817f9ef6eb62927ba63bebe73c3 Mon Sep 17 00:00:00 2001
From: Daniel Badea <daniel.badea@windriver.com>
Date: Thu, 25 Apr 2019 15:37:53 +0000
Subject: [PATCH] fix ceph osd disk partition for nvme disks
---
manifests/osd.pp | 38 +++++++++++++++++++++++++++++++-------
1 file changed, 31 insertions(+), 7 deletions(-)
diff --git a/manifests/osd.pp b/manifests/osd.pp
index c51a445..5bd30c5 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -138,10 +138,17 @@ test -z $(ceph-disk list $(readlink -f ${data}) | egrep -o '[0-9a-f]{8}-([0-9a-f
command => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
-ceph-disk --verbose --log-stdout prepare --filestore ${cluster_uuid_option} ${uuid_option} ${osdid_option} --fs-type xfs --zap-disk $(readlink -f ${data}) $(readlink -f ${journal})
+disk=$(readlink -f ${data})
+ceph-disk --verbose --log-stdout prepare --filestore ${cluster_uuid_option} ${uuid_option} ${osdid_option} --fs-type xfs --zap-disk \${disk} $(readlink -f ${journal})
mkdir -p /var/lib/ceph/osd/ceph-${osdid}
ceph auth del osd.${osdid} || true
-mount $(readlink -f ${data})1 /var/lib/ceph/osd/ceph-${osdid}
+part=\${disk}
+if [[ \$part == *nvme* ]]; then
+ part=\${part}p1
+else
+ part=\${part}1
+fi
+mount $(readlink -f \${part}) /var/lib/ceph/osd/ceph-${osdid}
ceph-osd --id ${osdid} --mkfs --mkkey --mkjournal
ceph auth add osd.${osdid} osd 'allow *' mon 'allow rwx' -i /var/lib/ceph/osd/ceph-${osdid}/keyring
umount /var/lib/ceph/osd/ceph-${osdid}
@@ -183,12 +190,17 @@ if ! test -b \$disk ; then
chown -h ceph:ceph \$disk
fi
fi
-# activate happens via udev when using the entire device
+part=\${disk}
+if [[ \${part} == *nvme* ]]; then
+ part=\${part}p1
+else
+ part=\${part}1
+fi
if ! test -b \$disk || ! test -b \${disk}1 || ! test -b \${disk}p1 ; then
- ceph-disk activate \${disk}1 || true
+ ceph-disk activate \${part} || true
fi
if test -f ${udev_rules_file}.disabled && ( test -b \${disk}1 || test -b \${disk}p1 ); then
- ceph-disk activate \${disk}1 || true
+ ceph-disk activate \${part} || true
fi
",
unless => "/bin/true # comment to satisfy puppet syntax requirements
@@ -206,8 +218,14 @@ ls -ld /var/lib/ceph/osd/${cluster_name}-* | grep \" $(readlink -f ${data})\$\"
command => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
disk=$(readlink -f ${data})
+part=\${disk}
+if [[ \${part} == *nvme* ]]; then
+ part=\${part}p1
+else
+ part=\${part}1
+fi
if [ -z \"\$id\" ] ; then
- id=$(ceph-disk list | sed -nEe \"s:^ *\${disk}1? .*(ceph data|mounted on).*osd\\.([0-9]+).*:\\2:p\")
+ id=$(ceph-disk list | sed -nEe \"s:^ *\${part}? .*(ceph data|mounted on).*osd\\.([0-9]+).*:\\2:p\")
fi
if [ -z \"\$id\" ] ; then
id=$(ls -ld /var/lib/ceph/osd/${cluster_name}-* | sed -nEe \"s:.*/${cluster_name}-([0-9]+) *-> *\${disk}\$:\\1:p\" || true)
@@ -227,8 +245,14 @@ fi
unless => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
disk=$(readlink -f ${data})
+part=${disk}
+if [[ \$part == *nvme* ]]; then
+ part=\${part}p1
+else
+ part=\${part}1
+fi
if [ -z \"\$id\" ] ; then
- id=$(ceph-disk list | sed -nEe \"s:^ *\${disk}1? .*(ceph data|mounted on).*osd\\.([0-9]+).*:\\2:p\")
+ id=$(ceph-disk list | sed -nEe \"s:^ *\${part}? .*(ceph data|mounted on).*osd\\.([0-9]+).*:\\2:p\")
fi
if [ -z \"\$id\" ] ; then
id=$(ls -ld /var/lib/ceph/osd/${cluster_name}-* | sed -nEe \"s:.*/${cluster_name}-([0-9]+) *-> *\${disk}\$:\\1:p\" || true)
--
1.8.3.1
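Review bot: In the last hunk (the `unless` script) the added line `part=${disk}` is missing the backslash that the other three copies have, so Puppet interpolates its own unset `$disk` and the shell sees `part=`; the `sed` pattern that follows then looks for `1` instead of the partition path. It should be `part=\${disk}`. The `[[ \$part == *nvme* ]]` test is also a bash construct; if these execs run under `/bin/sh` (the provider is outside the hunk) and that is dash, the test errors and every disk takes the `1` suffix, so a POSIX form such as `case \$part in *nvme*) part=\${part}p1 ;; *) part=\${part}1 ;; esac` is safer. The same block is repeated in all four hunks.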


@@ -0,0 +1,25 @@
From 828af5dec53192207637d15397887e058d6ea0fb Mon Sep 17 00:00:00 2001
From: Daniel Badea <daniel.badea@windriver.com>
Date: Fri, 26 Apr 2019 00:22:12 +0000
Subject: [PATCH] wipe unprepared disks
---
manifests/osd.pp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/osd.pp b/manifests/osd.pp
index 5bd30c5..ab65924 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -158,7 +158,7 @@ umount /var/lib/ceph/osd/ceph-${osdid}
# 2. The uuid for the OSD we are configuring matches the uuid for the
# OSD on the disk. We don't want to attempt to re-use an OSD that
# had previously been deleted.
- unless => "/usr/sbin/ceph-disk list | grep -v 'unknown cluster' | grep \" *$(readlink -f ${data}).*ceph data\" | grep 'osd uuid ${uuid}'",
+ unless => "/usr/sbin/ceph-disk list | grep -v 'unknown cluster' | grep \" *$(readlink -f ${data}).*ceph data\" | grep -v unprepared | grep 'osd uuid ${uuid}'",
logoutput => true,
timeout => $exec_timeout,
--
1.8.3.1


@@ -0,0 +1,65 @@
1From 62732269d5537270f9d81fd1583431092eed2d2b Mon Sep 17 00:00:00 2001
From: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Date: Fri, 11 Mar 2022 16:33:41 +0200
Subject: [PATCH] Fix service parameter passing
On debian passing the parameters needs to a service call needs to
happen after the '--' construct, otherwise not all parameters are
passed.
For example the logs showed attempts to start mon + osd when
'service ceph start mon.<id>' was called, which led to failures
bacause the disk for osd was not initialized yet.
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
---
manifests/mon.pp | 6 +++---
manifests/osd.pp | 2 +-
spec/defines/ceph_osd_spec.rb | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/manifests/mon.pp b/manifests/mon.pp
index 62d5059..6d1294e 100644
--- a/manifests/mon.pp
+++ b/manifests/mon.pp
@@ -103,9 +103,9 @@ define ceph::mon (
Service {
name => "ceph-mon-${id}",
provider => $::ceph::params::service_provider,
- start => "service ceph start mon.${id}",
- stop => "service ceph stop mon.${id}",
- status => "service ceph status mon.${id}",
+ start => "service ceph -- start mon.${id}",
+ stop => "service ceph -- stop mon.${id}",
+ status => "service ceph -- status mon.${id}",
restart => "/etc/init.d/ceph-init-wrapper restart mon.${id}",
enable => $mon_enable,
}
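Review bot: The `--` separator added to the `start`, `stop` and `status` commands has no explanation next to it, and it is the kind of token a later cleanup removes as noise. A short comment above the three attributes would keep the reason with the code, for example `# '--' is needed on Debian so that service passes every argument through; without it 'start mon.<id>' also tried to start the OSDs`. The same comment would fit the `service ceph -- stop osd.\$id` line changed in manifests/osd.pp.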
diff --git a/manifests/osd.pp b/manifests/osd.pp
index ab65924..8baa49a 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -232,7 +232,7 @@ if [ -z \"\$id\" ] ; then
fi
if [ \"\$id\" ] ; then
stop ceph-osd cluster=${cluster_name} id=\$id || true
- service ceph stop osd.\$id || true
+ service ceph -- stop osd.\$id || true
systemctl stop ceph-osd@\$id || true
ceph ${cluster_option} osd crush remove osd.\$id
ceph ${cluster_option} auth del osd.\$id
diff --git a/spec/defines/ceph_osd_spec.rb b/spec/defines/ceph_osd_spec.rb
index a0b917f..59f0352 100644
--- a/spec/defines/ceph_osd_spec.rb
+++ b/spec/defines/ceph_osd_spec.rb
@@ -338,7 +338,7 @@ if [ -z \"\$id\" ] ; then
fi
if [ \"\$id\" ] ; then
stop ceph-osd cluster=ceph id=\$id || true
- service ceph stop osd.\$id || true
+ service ceph -- stop osd.\$id || true
systemctl stop ceph-osd@$id || true
ceph --cluster ceph osd crush remove osd.\$id
ceph --cluster ceph auth del osd.\$id
--
2.30.0


@@ -0,0 +1,79 @@
From: Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>
Date: Mon, 13 Feb 2023 16:41:29 -0300
Subject: Add multipath disk support
To support multipath devices, detect when a persistent device name
evaluates to a device mapper device and derive the data partition based on
what is required by the subsequent command.
Fix parsing of 'ceph-disk list' output so that it properly identifies
the OSD.
Signed-off-by: Robert Church <robert.church@windriver.com>
Signed-off-by: Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>
---
manifests/osd.pp | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/manifests/osd.pp b/manifests/osd.pp
index 8baa49a..f77e851 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -143,7 +143,9 @@ ceph-disk --verbose --log-stdout prepare --filestore ${cluster_uuid_option} ${u
mkdir -p /var/lib/ceph/osd/ceph-${osdid}
ceph auth del osd.${osdid} || true
part=\${disk}
-if [[ \$part == *nvme* ]]; then
+if [[ \${disk} == *dm-* ]]; then
+ part=${data}-part1
+elif [[ \${part} == *nvme* ]]; then
part=\${part}p1
else
part=\${part}1
@@ -191,7 +193,9 @@ if ! test -b \$disk ; then
fi
fi
part=\${disk}
-if [[ \${part} == *nvme* ]]; then
+if [[ \${disk} == *dm-* ]]; then
+ part=${data}-part1
+elif [[ \${part} == *nvme* ]]; then
part=\${part}p1
else
part=\${part}1
@@ -219,13 +223,15 @@ ls -ld /var/lib/ceph/osd/${cluster_name}-* | grep \" $(readlink -f ${data})\$\"
set -ex
disk=$(readlink -f ${data})
part=\${disk}
-if [[ \${part} == *nvme* ]]; then
+if [[ \${disk} == *dm-* ]]; then
+ part=$(readlink -f ${data}-part1)
+elif [[ \${part} == *nvme* ]]; then
part=\${part}p1
else
part=\${part}1
fi
if [ -z \"\$id\" ] ; then
- id=$(ceph-disk list | sed -nEe \"s:^ *\${part}? .*(ceph data|mounted on).*osd\\.([0-9]+).*:\\2:p\")
+ id=$(ceph-disk list | sed -nEe \"s:^ .*${part} .*(ceph data|mounted on).*osd/ceph-([0-9]+).*:\\2:p\")
fi
if [ -z \"\$id\" ] ; then
id=$(ls -ld /var/lib/ceph/osd/${cluster_name}-* | sed -nEe \"s:.*/${cluster_name}-([0-9]+) *-> *\${disk}\$:\\1:p\" || true)
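Review bot: In the rewritten `sed` expression `${part}` is no longer escaped, so inside this double-quoted Puppet string it is interpolated by Puppet when the catalog is compiled instead of being expanded by the shell; the removed line used `\${part}`. Unless the define happens to have a Puppet variable named `part` (not visible here), the pattern degrades to `^ .* .*(ceph data|mounted on)...`, which can match the OSD line of any disk, and the `id` it yields is the one the rest of the script acts on. I would keep the escape: `sed -nEe \"s:^ .*\${part} .*(ceph data|mounted on).*osd/ceph-([0-9]+).*:\\2:p\"`. The same line is added again in the hunk at `-246,13`, and the shell script continues outside both hunks.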
@@ -246,13 +252,15 @@ fi
set -ex
disk=$(readlink -f ${data})
part=${disk}
-if [[ \$part == *nvme* ]]; then
+if [[ \${disk} == *dm-* ]]; then
+ part=${data}-part1
+elif [[ \${part} == *nvme* ]]; then
part=\${part}p1
else
part=\${part}1
fi
if [ -z \"\$id\" ] ; then
- id=$(ceph-disk list | sed -nEe \"s:^ *\${part}? .*(ceph data|mounted on).*osd\\.([0-9]+).*:\\2:p\")
+ id=$(ceph-disk list | sed -nEe \"s:^ .*${part} .*(ceph data|mounted on).*osd/ceph-([0-9]+).*:\\2:p\")
fi
if [ -z \"\$id\" ] ; then
id=$(ls -ld /var/lib/ceph/osd/${cluster_name}-* | sed -nEe \"s:.*/${cluster_name}-([0-9]+) *-> *\${disk}\$:\\1:p\" || true)


@@ -0,0 +1,44 @@
From df61ca00f106f0dbf3a2add926d55d323ca6d941 Mon Sep 17 00:00:00 2001
From: Felipe Sanches Zanoni <Felipe.SanchesZanoni@windriver.com>
Date: Sat, 11 Mar 2023 10:35:01 -0300
Subject: [PATCH] Fix puppet-ceph multipath ceph partition detection
The puppet-ceph module is not correctly checking the OSD
partition when it belongs to a multipath disk or any /dev/dm-X
device.
This fix changes the parsing string when running ceph-disk list
command to verify osd disk is already created.
Signed-off-by: Felipe Sanches Zanoni <Felipe.SanchesZanoni@windriver.com>
---
manifests/osd.pp | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/manifests/osd.pp b/manifests/osd.pp
index f77e851..f97a3ab 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -160,8 +160,17 @@ umount /var/lib/ceph/osd/ceph-${osdid}
# 2. The uuid for the OSD we are configuring matches the uuid for the
# OSD on the disk. We don't want to attempt to re-use an OSD that
# had previously been deleted.
- unless => "/usr/sbin/ceph-disk list | grep -v 'unknown cluster' | grep \" *$(readlink -f ${data}).*ceph data\" | grep -v unprepared | grep 'osd uuid ${uuid}'",
-
+ unless => "/bin/true # comment to satisfy puppet syntax requirements
+set -e
+disk=$(readlink -f ${data})
+# If disk is multipath, must add partition number at the end of string.
+if [[ \${disk} == *dm-* ]]; then
+ ceph_part=${data}-part1
+else
+ ceph_part=${data}
+fi
+/usr/sbin/ceph-disk list | grep -v 'unknown cluster' | grep \" *$(readlink -f \${ceph_part}).*ceph data\" | grep -v unprepared | grep 'osd uuid ${uuid}'
+",
logoutput => true,
timeout => $exec_timeout,
tag => 'prepare',
--
2.25.1


@@ -0,0 +1,56 @@
From 50d62b14859e92f5ea32e7dfa46aff99b85ecc26 Mon Sep 17 00:00:00 2001
From: Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>
Date: Tue, 6 Jun 2023 15:33:16 -0300
Subject: [PATCH] Adjust puppet-ceph dependency requirements
Puppet throws a few warnings during bootstrap because some
dependencies are not within the accepted version range. This
happens because those dependencies are at their latest
versions but we are running an older version of ceph in
order to have the ceph-disk functionality.
The proper fix would be upgrading ceph to a higher version,
but since there are plans in place to implement rook-ceph in
the future, this change increases the range of accepted
versions for the affected dependencies.
Signed-off-by: Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>
---
metadata.json | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/metadata.json b/metadata.json
index a760f1c..f8b1c7c 100644
--- a/metadata.json
+++ b/metadata.json
@@ -49,23 +49,23 @@
"dependencies": [
{
"name": "puppetlabs/apt",
- "version_requirement": ">=2.0.0 <3.0.0"
+ "version_requirement": ">=2.0.0 <7.0.0"
},
{
"name": "puppetlabs/apache",
- "version_requirement": ">=1.4.1 <2.0.0"
+ "version_requirement": ">=1.4.1 <6.0.0"
},
{
"name": "puppetlabs/concat",
- "version_requirement": ">=1.2.1 <3.0.0"
+ "version_requirement": ">=1.2.1 <6.0.0"
},
{
"name": "puppetlabs/inifile",
- "version_requirement": ">=1.0.0 <2.0.0"
+ "version_requirement": ">=1.0.0 <3.0.0"
},
{
"name": "puppetlabs/stdlib",
- "version_requirement": ">=4.10.0 <5.0.0"
+ "version_requirement": ">=4.10.0 <6.0.0"
},
{
"name": "duritong/sysctl",
--
2.37.1


@@ -0,0 +1,73 @@
From 6de75db12990a77b167f2957fef99bae76ed04f6 Mon Sep 17 00:00:00 2001
From: Erickson Silva <Erickson.SilvadeOliveira@windriver.com>
Date: Fri, 11 Aug 2023 10:29:02 -0300
Subject: [PATCH] Fix the 'unless' condition of ceph-osd-prepare
In the 'unless' condition of ceph-prepare-osd-* there will be
a false positive if an exception occurs when running ceph-disk,
causing the osd to be formatted.
To fix this, the contents of the unless block were moved to the
command block and the execution of the binary (ceph-disk) was
isolated.
Signed-off-by: Erickson Silva <Erickson.SilvadeOliveira@windriver.com>
---
manifests/osd.pp | 32 +++++++++++++++-----------------
1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/manifests/osd.pp b/manifests/osd.pp
index 5353f58..5851676 100644
--- a/manifests/osd.pp
+++ b/manifests/osd.pp
@@ -135,10 +135,24 @@ test -z $(ceph-disk list $(readlink -f ${data}) | egrep -o '[0-9a-f]{8}-([0-9a-f
Exec[$ceph_check_udev] -> Exec[$ceph_prepare]
# ceph-disk: prepare should be idempotent http://tracker.ceph.com/issues/7475
exec { $ceph_prepare:
-
+ # We don't want to erase the disk if:
+ # 1. There is already ceph data on the disk for our cluster AND
+ # 2. The uuid for the OSD we are configuring matches the uuid for the
+ # OSD on the disk. We don't want to attempt to re-use an OSD that
+ # had previously been deleted.
command => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
disk=$(readlink -f ${data})
+# If disk is multipath, must add partition number at the end of string.
+if [[ \${disk} == *dm-* ]]; then
+ ceph_part=${data}-part1
+else
+ ceph_part=${data}
+fi
+ceph_disk_output=$(/usr/sbin/ceph-disk list)
+if echo \${ceph_disk_output} | grep -v 'unknown cluster' | grep \" *$(readlink -f \${ceph_part}).*ceph data\" | grep -v unprepared | grep 'osd uuid ${uuid}'; then
+ exit 0
+fi
ceph-disk --verbose --log-stdout prepare --filestore ${cluster_uuid_option} ${uuid_option} ${osdid_option} --fs-type xfs --zap-disk \${disk} $(readlink -f ${journal})
mkdir -p /var/lib/ceph/osd/ceph-${osdid}
ceph auth del osd.${osdid} || true
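Review bot: `echo \${ceph_disk_output}` expands the variable unquoted, so the shell word-splits it and the whole `ceph-disk list` output reaches the grep chain as one line. The two `grep -v` stages then discard everything as soon as any disk on the host is reported as `unknown cluster` or `unprepared`, and the guard falls through to `ceph-disk ... prepare ... --zap-disk` for a disk that may already hold this OSD. The positive greps can also be satisfied by text that belongs to different disks. Quoting restores the per-line matching the old `unless` had: `if echo \"\${ceph_disk_output}\" | grep -v 'unknown cluster' | ...`. The command string continues outside the hunk.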
@@ -154,22 +168,6 @@ mount $(readlink -f \${part}) /var/lib/ceph/osd/ceph-${osdid}
ceph-osd --id ${osdid} --mkfs --mkkey --mkjournal
ceph auth add osd.${osdid} osd 'allow *' mon 'allow rwx' -i /var/lib/ceph/osd/ceph-${osdid}/keyring
umount /var/lib/ceph/osd/ceph-${osdid}
-",
- # We don't want to erase the disk if:
- # 1. There is already ceph data on the disk for our cluster AND
- # 2. The uuid for the OSD we are configuring matches the uuid for the
- # OSD on the disk. We don't want to attempt to re-use an OSD that
- # had previously been deleted.
- unless => "/bin/true # comment to satisfy puppet syntax requirements
-set -e
-disk=$(readlink -f ${data})
-# If disk is multipath, must add partition number at the end of string.
-if [[ \${disk} == *dm-* ]]; then
- ceph_part=${data}-part1
-else
- ceph_part=${data}
-fi
-/usr/sbin/ceph-disk list | grep -v 'unknown cluster' | grep \" *$(readlink -f \${ceph_part}).*ceph data\" | grep -v unprepared | grep 'osd uuid ${uuid}'
",
logoutput => true,
timeout => $exec_timeout,
--
2.25.1


@@ -0,0 +1,52 @@
From 676307deb96d85b78b72c0e98264806411999ed2 Mon Sep 17 00:00:00 2001
From: Felipe Sanches Zanoni <Felipe.SanchesZanoni@windriver.com>
Date: Fri, 26 Jul 2024 09:36:36 -0300
Subject: [PATCH] Add ms_bind_ipv4 option to ceph paremeters
Add the ms_bind_ipv4 option to be set into the ceph.conf file.
By default, the system is disabling ms_bind_ipv6 for IPv4-only clusters.
The same behavior is expected disabling ms_bind_ipv4 for IPv6-only.
Otherwise, each Ceph service tries to bind Ipv4 first, leading to daemon
miscommunication and unabling to mount RBD and CephFS volumes.
Read more: https://www.spinics.net/lists/ceph-users/msg73459.html
Signed-off-by: Felipe Sanches Zanoni <Felipe.SanchesZanoni@windriver.com>
---
manifests/init.pp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/manifests/init.pp b/manifests/init.pp
index f4b8e62..69fa143 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -84,6 +84,9 @@
# [*ms_bind_ipv6*] Enables Ceph daemons to bind to IPv6 addresses.
# Optional. Boolean. Default provided by Ceph.
#
+# [*ms_bind_ipv4*] Enables Ceph daemons to bind to IPv4 addresses.
+# Optional. Boolean. Default provided by Ceph.
+#
# [*require_signatures*] If Ceph requires signatures on all
# message traffic (client<->cluster and between cluster daemons).
# Optional. Boolean. Default provided by Ceph.
@@ -157,6 +160,7 @@ class ceph (
$mon_initial_members = undef,
$mon_host = undef,
$ms_bind_ipv6 = undef,
+ $ms_bind_ipv4 = undef,
$require_signatures = undef,
$cluster_require_signatures = undef,
$service_require_signatures = undef,
@@ -204,6 +208,7 @@ this module to assign values and will be removed in a future release.')
'global/mon_initial_members': value => $mon_initial_members;
'global/mon_host': value => $mon_host;
'global/ms_bind_ipv6': value => $ms_bind_ipv6;
+ 'global/ms_bind_ipv4': value => $ms_bind_ipv4;
'global/require_signatures': value => $require_signatures;
'global/cluster_require_signatures': value => $cluster_require_signatures;
'global/service_require_signatures': value => $service_require_signatures;
--
2.25.1


@@ -0,0 +1,110 @@
From e6f5d2cd267564ee97f53447ba1419d1ace641a1 Mon Sep 17 00:00:00 2001
From: Hediberto C Silva <hediberto.cavalcantedasilva@windriver.com>
Date: Tue, 19 Mar 2024 17:17:10 -0300
Subject: [PATCH] Add mon_data parameter
If supplied, the mon_data parameter defines where the ceph-mon data
will be located.
Signed-off-by: Hediberto C Silva <hediberto.cavalcantedasilva@windriver.com>
---
manifests/mon.pp | 33 ++++++++++++++++++++++++++-------
1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/manifests/mon.pp b/manifests/mon.pp
index 6d1294e..4615d3c 100644
--- a/manifests/mon.pp
+++ b/manifests/mon.pp
@@ -60,6 +60,7 @@
define ceph::mon (
$ensure = present,
$mon_enable = true,
+ $mon_data = '',
$public_addr = undef,
$cluster = undef,
$authentication_type = 'cephx',
@@ -139,7 +140,10 @@ chmod 0444 ${keyring_path}
",
unless => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
-mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data) || exit 1
+mon_data=\"${mon_data}\"
+if [ -z \${mon_data} ]; then
+ mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data) || exit 1
+fi
# if ceph-mon fails then the mon is probably not configured yet
test -e \$mon_data/done
",
@@ -178,7 +182,10 @@ test -e /etc/ceph/${cluster_name}.client.admin.keyring",
-> exec { $ceph_mkfs:
command => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
-mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
+mon_data=\"${mon_data}\"
+if [ -z \${mon_data} ]; then
+ mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
+fi
if [ ! -d \$mon_data ] ; then
mkdir -p \$mon_data
if getent passwd ceph >/dev/null 2>&1; then
@@ -188,7 +195,8 @@ if [ ! -d \$mon_data ] ; then
--mkfs \
--id ${id} \
--keyring ${keyring_path} \
- ${fsid_option} ; then
+ ${fsid_option} \
+ --mon-data \$mon_data ; then
touch \$mon_data/done \$mon_data/${init} \$mon_data/keyring
chown -h ceph:ceph \$mon_data/done \$mon_data/${init} \$mon_data/keyring
else
@@ -199,7 +207,8 @@ if [ ! -d \$mon_data ] ; then
--mkfs \
--id ${id} \
--keyring ${keyring_path} \
- ${fsid_option} ; then
+ ${fsid_option} \
+ --mon-data \$mon_data ; then
touch \$mon_data/done \$mon_data/${init} \$mon_data/keyring
else
rm -fr \$mon_data
@@ -209,7 +218,10 @@ fi
",
unless => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
-mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
+mon_data=\"${mon_data}\"
+if [ -z \${mon_data} ]; then
+ mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
+fi
test -d \$mon_data
",
logoutput => true,
@@ -244,13 +256,19 @@ test ! -e ${keyring_path}
-> exec { "remove-mon-${id}":
command => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
-mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
+mon_data=\"${mon_data}\"
+if [ -z \${mon_data} ]; then
+ mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
+fi
rm -fr \$mon_data
",
unless => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
which ceph-mon || exit 0 # if ceph-mon is not available we already uninstalled ceph and there is nothing to do
-mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
+mon_data=\"${mon_data}\"
+if [ -z \${mon_data} ]; then
+ mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
+fi
test ! -d \$mon_data
",
logoutput => true,
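Review bot: `rm -fr \$mon_data` in the `remove-mon-${id}` command now operates on a value that can come straight from the new `$mon_data` parameter, and both it and the `[ -z \${mon_data} ]` test leave the variable unquoted. A path containing whitespace or glob characters is split or expanded before `rm` sees it, and the parameter is pasted into `mon_data=\"${mon_data}\"` with no check that it is an absolute path. I would quote the expansions, `if [ -z \"\${mon_data}\" ]; then` and `rm -fr \"\$mon_data\"`, and validate the parameter as an absolute path at the top of the define before any exec uses it. The same unquoted test is added in the hunks at `-139,7`, `-178,7` and `-209,7`; the define body starts outside these hunks.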
@@ -263,3 +281,4 @@ test ! -d \$mon_data
fail('Ensure on MON must be either present or absent')
}
}
+
--
2.34.1


@@ -0,0 +1,16 @@
0001-Roll-up-TIS-patches.patch
0002-Newton-rebase-fixes.patch
0003-Ceph-Jewel-rebase.patch
0004-US92424-Add-OSD-support-for-persistent-naming.patch
0006-ceph-disk-prepare-invalid-data-disk-value.patch
0007-Add-StarlingX-specific-restart-command-for-Ceph-moni.patch
0008-ceph-mimic-prepare-activate-osd.patch
0009-fix-ceph-osd-disk-partition-for-nvme-disks.patch
0010-wipe-unprepared-disks.patch
0011-Fix-service-parameter-passing.patch
0012-Add-multipath-disk-support.patch
0013-Fix-puppet-ceph-multipath-ceph-partition-detection.patch
0014-Adjust-puppet-ceph-dependency-requirements.patch
0015-Fix-the-unless-condition-of-ceph-osd-prepare.patch
0016-Add-ms_bind_ipv4-option-to-ceph-paremeters.patch
0017-Add-mon_data-parameter.patch


@@ -0,0 +1,27 @@
From 7bd6c2bddb9285af15988247a8fbee2e56fd8a18 Mon Sep 17 00:00:00 2001
From: Teresa Ho <teresa.ho@windriver.com>
Date: Mon, 17 Jul 2023 17:56:27 -0400
Subject: [PATCH 1/2] Change memcached dependency
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
Signed-off-by: Fabiano Correa Mercer <fabiano.correamercer@windriver.com>
---
debian/control | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/control b/debian/control
index 58c178c..3239aa7 100644
--- a/debian/control
+++ b/debian/control
@@ -22,7 +22,7 @@ Depends:
puppet-module-openstacklib (>= 17.4.0),
puppet-module-puppetlabs-apache (>= 5.0.0),
puppet-module-puppetlabs-stdlib,
- puppet-module-saz-memcached,
+ puppet-memcached,
${misc:Depends},
Description: Puppet module for OpenStack Horizon
Puppet lets you centrally manage every important aspect of your system using a
--
2.25.1


@@ -0,0 +1 @@
0001-Change-memcached-dependency.patch


@@ -0,0 +1,12 @@
---
debname: puppet-module-horizon
debver: 17.4.0-4
dl_path:
name: puppet-module-horizon-debian-17.4.0-4.tar.gz
url: https://salsa.debian.org/openstack-team/puppet/puppet-module-horizon/-/archive/debian/17.4.0-4/puppet-module-horizon-debian-17.4.0-4.tar.gz
sha256sum: 1b0f30451668f051e05f5de221bc57244eb3b3add6ba72ad20b6b1130333afd2
md5sum: 8f7d38cb4f44f820b24518e82059f5d7
revision:
dist: $STX_DIST
GITREVCOUNT:
BASE_SRCREV: a62bcd81b93d1f6a93f2c50830fda831c9c24aff


@@ -0,0 +1,32 @@
From f8345f5a23f681d799acd7ed0288f37dbedbe619 Mon Sep 17 00:00:00 2001
From: lsampaio <luis.sampaio@windriver.com>
Date: Mon, 9 May 2022 15:05:43 -0300
Subject: [PATCH] Fix exceptions import issue
The puppet-module horizon 17.4.0-4 version has an error in the
debian packaging. The "fix-local-settings-for-debian.patch"
(included in the package) removes wrongly the
openstack_dashboard.exceptions import. This module overrides the
openstack-dashboard local_settings.py module during the unlocking
process and horizon service fails to get enabled.
Signed-off-by: Jorge Saffe <jorge.saffe@windriver.com>
---
templates/local_settings.py.erb | 1 +
1 file changed, 1 insertion(+)
diff --git a/templates/local_settings.py.erb b/templates/local_settings.py.erb
index 5796a0f..cb24bf4 100644
--- a/templates/local_settings.py.erb
+++ b/templates/local_settings.py.erb
@@ -19,6 +19,7 @@ from django.utils.translation import ugettext_lazy as _
from horizon.utils import secret_key
from openstack_dashboard.settings import HORIZON_CONFIG
+from openstack_dashboard import exceptions
DEBUG = <%= @django_debug.to_s.capitalize %>
--
2.35.1


@@ -0,0 +1,29 @@
From 37e6c4120d18c11e20261f3050399267f927fe00 Mon Sep 17 00:00:00 2001
From: Teresa Ho <teresa.ho@windriver.com>
Date: Mon, 17 Jul 2023 17:57:38 -0400
Subject: [PATCH 2/2] Remove memcached dependency
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
Signed-off-by: Fabiano Correa Mercer <fabiano.correamercer@windriver.com>
---
metadata.json | 4 ----
1 file changed, 4 deletions(-)
diff --git a/metadata.json b/metadata.json
index 4f3d431..d0c7643 100644
--- a/metadata.json
+++ b/metadata.json
@@ -9,10 +9,6 @@
"name": "puppetlabs/stdlib",
"version_requirement": ">=5.0.0 <7.0.0"
},
- {
- "name": "saz/memcached",
- "version_requirement": ">=2.0.2 <3.5.0"
- },
{
"name": "openstack/openstacklib",
"version_requirement": ">=17.4.0 <18.0.0"
--
2.25.1


@@ -0,0 +1,2 @@
0001-Fix-exceptions-import-issue.patch
0002-Remove-memcached-dependency.patch


@@ -0,0 +1,12 @@
---
debname: puppet-module-keystone
debver: 17.4.0-2
dl_path:
name: puppet-module-keystone-17.4.0-2.tar.gz
url: https://salsa.debian.org/openstack-team/puppet/puppet-module-keystone/-/archive/debian/17.4.0-2/puppet-module-keystone-debian-17.4.0-2.tar.gz
md5sum: f9169143977abe9ef998981916a07c25
sha256sum: 500056d23bb29a6866c311906b9a36c580dd2bafb891444d8d3f87bb3d973207
revision:
dist: $STX_DIST
GITREVCOUNT:
BASE_SRCREV: 8a881309730bc8338e17c08316d208309af05abb


@@ -0,0 +1,333 @@
From ff270d806958405b35170dbb6b57da6a13ed14ed Mon Sep 17 00:00:00 2001
From: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Date: Mon, 20 Sep 2021 16:17:56 +0300
Subject: [PATCH 1/3] Adapt first set of legacy patches
Adapt 0001-pike-rebase-squash-titanium-patches.patch from CentOS.
Big logic changes in upstream version, here are 3 examples:
many divergences:
https://github.com/openstack/puppet-keystone/commit/bc1ff1d7cb01ac02790c3302a3da6e994598d9f6"
admin_endpoint->public_endpoint:
https://github.com/openstack/puppet-keystone/commit/58dfc07b3a90a8b05aeb0cbeae17c1b7cfc35594"
url->endpoint:
https://github.com/openstack/puppet-keystone/commit/329ab549a2a127ae41dda5e2c2a906313e5ff911"
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
---
lib/puppet/provider/keystone.rb | 77 ++++++++++++++++++-
manifests/db/sync.pp | 3 +
manifests/init.pp | 45 +++++++++--
manifests/ldap.pp | 7 ++
manifests/logging.pp | 2 +-
manifests/resource/service_identity.pp | 7 ++
.../keystone_security_compliance_spec.rb | 12 +--
7 files changed, 140 insertions(+), 13 deletions(-)
diff --git a/lib/puppet/provider/keystone.rb b/lib/puppet/provider/keystone.rb
index 9911b6e..b0756fd 100644
--- a/lib/puppet/provider/keystone.rb
+++ b/lib/puppet/provider/keystone.rb
@@ -3,6 +3,7 @@ require 'puppet/provider/openstack'
require 'puppet/provider/openstack/auth'
require 'puppet/provider/openstack/credentials'
require File.join(File.dirname(__FILE__), '..','..', 'puppet/provider/keystone/util')
+require 'hiera_puppet'
class Puppet::Provider::Keystone < Puppet::Provider::Openstack
@@ -224,12 +225,86 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack
end
end
+ ### STX Modifications (Start) ###
+
+ def self.hiera_lookup(key)
+ HieraPuppet.lookup(key, :undef, self, nil, :priority)
+ end
+
+ def self.initial_config_primary?
+ return true if ENV['INITIAL_CONFIG_PRIMARY'] == "true"
+ end
+
+ def self.upgrading?
+ return true if hiera_lookup('platform::params::controller_upgrade') == true
+ end
+
def self.request(service, action, properties=nil, options={})
super
rescue Puppet::Error::OpenstackAuthInputError, Puppet::Error::OpenstackUnauthorizedError => error
- keystone_request(service, action, error, properties)
+ if initial_config_primary?
+ # admin user account might not have been created
+ keystone_request(service, action, error, properties)
+ else
+ if upgrading?
+ # when running the Keystone manifest during an upgrade
+ # (on controller-1), we need to use an AUTH token and
+ # a bypass URL since using the default AUTL URL will
+ # send the Request to the service catalog URL (internalURL),
+ # running on the non-upgraded controller-0 which cannot
+ # service this request
+ request_by_upgrading_token(service, action, error, properties)
+ else
+ request_by_admin_credential(service, action, error, properties)
+ end
+ end
end
+ def self.request_by_admin_credential(service, action, error, properties=nil)
+ properties ||= []
+ @credentials.username = hiera_lookup('platform::client::params::admin_username')
+ @credentials.password = hiera_lookup('keystone::admin_password')
+ @credentials.project_name = 'admin'
+ @credentials.auth_url = get_auth_url
+ @credentials.identity_api_version = @credentials.version
+ if @credentials.version == '3'
+ @credentials.user_domain_name = hiera_lookup('platform::client::params::admin_user_domain')
+ @credentials.project_domain_name = hiera_lookup('platform::client::params::admin_project_domain')
+ end
+ raise error unless @credentials.set?
+ Puppet::Provider::Openstack.request(service, action, properties, @credentials)
+ end
+
+ def self.get_upgrade_token
+ upgrade_token_file = hiera_lookup('openstack::keystone::upgrade::upgrade_token_file')
+ # the upgrade token file may get refreshed by the same Puppet event
+ # that triggered this call, and therefore may not be available
+ # immediately. Try for timeout before quitting with error
+ timeout = 10 # 10 seconds
+ 1.upto(timeout) do |iter|
+ if File.exists?(upgrade_token_file)
+ upgrade_token = File.read(upgrade_token_file).strip
+ notice("Found #{upgrade_token_file} token file and upgrade token #{upgrade_token}.")
+ return upgrade_token
+ else
+ Puppet.debug("#{upgrade_token_file} not found. Retrying for #{iter} more seconds.")
+ sleep(1)
+ end
+ end
+ raise(Puppet::ExecutionFailure, "Can't retrieve #{upgrade_token_file} in #{timeout}s retry attempts.")
+ end
+
+ def self.request_by_upgrading_token(service, action, error, properties=nil, options={})
+ properties ||= []
+ @credentials.token = get_upgrade_token
+ @credentials.endpoint = hiera_lookup('openstack::keystone::upgrade::url')
+ raise error unless @credentials.service_token_set?
+ Puppet::Provider::Openstack.request(service, action, properties, @credentials, options)
+ end
+
+ ### STX Additions (End) ###
+
+
def self.keystone_request(service, action, error, properties=nil)
properties ||= []
@credentials.username = keystone_puppet_credentials['username']
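Review bot: `get_upgrade_token` writes the token itself to the Puppet log through `notice("Found #{upgrade_token_file} token file and upgrade token #{upgrade_token}.")`, and the comments in this patch describe that token as what bypasses normal Keystone authentication during an upgrade. Anyone who can read the agent log or a forwarded copy of it obtains the credential, so the message should name only the file: `notice("Found #{upgrade_token_file} token file.")`. Separately, `File.exists?` is deprecated in favour of `File.exist?`, and the debug text prints `iter` as seconds remaining although it counts up. `keystone_request` continues outside the hunk.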
diff --git a/manifests/db/sync.pp b/manifests/db/sync.pp
index f1bb758..6dbc202 100644
--- a/manifests/db/sync.pp
+++ b/manifests/db/sync.pp
@@ -36,5 +36,8 @@ class keystone::db::sync(
],
notify => Anchor['keystone::dbsync::end'],
tag => ['keystone-exec', 'openstack-db']
+ # Only do the db sync if both controllers are running the same software
+ # version. Avoids impacting mate controller during an upgrade.
+ onlyif => "test $::controller_sw_versions_match = true",
}
}
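Review bot: The new `onlyif` attribute is added after `tag => ['keystone-exec', 'openstack-db']`, which is a context line with no trailing comma, so the patched resource body would not parse as shown. The patch needs to change that line to `tag => ['keystone-exec', 'openstack-db'],`, unless a later patch in this series already does so. Note also that if the `controller_sw_versions_match` fact is unset the command becomes `test  = true`, which fails, and the db sync would be skipped without any message.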
diff --git a/manifests/init.pp b/manifests/init.pp
index 35860f2..ee07bd3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -55,6 +55,15 @@
# other than KVS, which stores events in memory.
# Defaults to true.
#
+# [*upgrade_token_cmd*]
+# (Optional) STX - if we are in an upgrade scenario, an upgrade token
+# will be required to bypass authentication.
+# Defaults to undef
+#
+# [*upgrade_token_file*]
+# (Optional) STX - the file where the upgrade token will be stowed
+# Defaults to undef
+#
# [*manage_service*]
# (Optional) If Puppet should manage service startup / shutdown.
# Defaults to true.
@@ -480,6 +489,8 @@ class keystone(
$max_request_body_size = $::os_service_default,
$purge_config = false,
$amqp_durable_queues = $::os_service_default,
+ $upgrade_token_cmd = undef,
+ $upgrade_token_file = undef,
) inherits keystone::params {
include keystone::deps
@@ -553,18 +564,21 @@ class keystone(
# ssl config
if ($enable_ssl) {
keystone_config {
- 'ssl/enable': value => true;
+ # STX ssl/enable is deprecated for removal
+ #'ssl/enable': value => true;
'ssl/certfile': value => $ssl_certfile;
'ssl/keyfile': value => $ssl_keyfile;
'ssl/ca_certs': value => $ssl_ca_certs;
'ssl/ca_key': value => $ssl_ca_key;
'ssl/cert_subject': value => $ssl_cert_subject;
}
- } else {
- keystone_config {
- 'ssl/enable': value => false;
- }
}
+ # STX ssl/enable is deprecated for removal
+ #else {
+ # keystone_config {
+ # 'ssl/enable': value => false;
+ # }
+ #}
oslo::middleware { 'keystone_config':
enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
@@ -788,6 +802,27 @@ running as a standalone service, or httpd for being run by a httpd server")
fail('You must activate domain configuration using "using_domain_config" parameter to keystone class.')
}
+ # STX: Now that the keystone service has started,
+ # check if we are in an Upgrade scenario, and generate
+ # an upgrade token which will be used to bypass Keystone
+ # authentication (specifically the service catalog) for
+ # all operations during upgrades.
+ # This operation is similar to the keystone bootstrap
+ # operation (above) which would generate an admin
+ # token, and therefore also requires the database to
+ # be up and running and configured and is only run once,
+ # so we don't need to notify the service
+ if $upgrade_token_cmd and $upgrade_token_file {
+ exec { 'upgrade token issue':
+ command => "${upgrade_token_cmd} > ${upgrade_token_file}",
+ path => '/usr/bin',
+ creates => $upgrade_token_file,
+ subscribe => Service[$service_name],
+ notify => Anchor['keystone::service::end'],
+ tag => 'keystone-exec',
+ }
+ }
+
if $using_domain_config {
validate_legacy(Stdlib::Absolutepath, 'validate_absolute_path', $domain_config_directory)
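Review bot: The `upgrade token issue` exec creates `${upgrade_token_file}` by shell redirection, so the file holding the token gets whatever mode the agent's umask yields. Since the comment above describes the token as bypassing Keystone authentication, I would restrict it at creation time by adding `umask => '0077',` to the exec, unless the file's owner and mode are managed by a resource outside this hunk. A failing `${upgrade_token_cmd}` also still leaves an empty file behind, after which `creates` keeps the command from running again.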
diff --git a/manifests/ldap.pp b/manifests/ldap.pp
index 79c49e7..e87181f 100644
--- a/manifests/ldap.pp
+++ b/manifests/ldap.pp
@@ -4,6 +4,11 @@
#
# === Parameters:
#
+# [*debug_level*]
+# LDAP debugging level for LDAP calls; a value of zero("0") disables
+# debugging. (integer value)
+# Defaults to 'undef'
+#
# [*url*]
# URL for connecting to the LDAP server. (string value)
# Defaults to 'undef'
@@ -364,6 +369,7 @@
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
#
class keystone::ldap(
+ $debug_level = undef,
$url = undef,
$user = undef,
$password = undef,
@@ -462,6 +468,7 @@ class keystone::ldap(
}
keystone_config {
+ 'ldap/debug_level': value => $debug_level;
'ldap/url': value => $url;
'ldap/user': value => $user;
'ldap/password': value => $password, secret => true;
diff --git a/manifests/logging.pp b/manifests/logging.pp
index 0396cd9..cffaf00 100644
--- a/manifests/logging.pp
+++ b/manifests/logging.pp
@@ -120,7 +120,7 @@ class keystone::logging(
$log_file = $::os_service_default,
$debug = $::os_service_default,
$logging_context_format_string = $::os_service_default,
- $logging_default_format_string = $::os_service_default,
+ $logging_default_format_string = 'keystone:log %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s',
$logging_debug_format_suffix = $::os_service_default,
$logging_exception_prefix = $::os_service_default,
$logging_user_identity_format = $::os_service_default,
diff --git a/manifests/resource/service_identity.pp b/manifests/resource/service_identity.pp
index ef09dab..0caf3bb 100644
--- a/manifests/resource/service_identity.pp
+++ b/manifests/resource/service_identity.pp
@@ -195,6 +195,8 @@ define keystone::resource::service_identity(
if $service_type {
ensure_resource('keystone_service', "${service_name_real}::${service_type}", {
'ensure' => $ensure,
+ 'name' => $service_name_real,
+ 'type' => $service_type,
'description' => $service_description,
})
} else {
@@ -207,6 +209,9 @@ define keystone::resource::service_identity(
if $public_url and $admin_url and $internal_url {
ensure_resource('keystone_endpoint', "${region}/${service_name_real}::${service_type}", {
'ensure' => $ensure,
+ 'name' => $service_name_real,
+ 'type' => $service_type,
+ 'region' => $region,
'public_url' => $public_url,
'admin_url' => $admin_url,
'internal_url' => $internal_url,
@@ -218,6 +223,8 @@ define keystone::resource::service_identity(
if $public_url and $admin_url and $internal_url {
ensure_resource('keystone_endpoint', "${region}/${service_name_real}", {
'ensure' => $ensure,
+ 'name' => $service_name_real,
+ 'region' => $region,
'public_url' => $public_url,
'admin_url' => $admin_url,
'internal_url' => $internal_url,
diff --git a/spec/classes/keystone_security_compliance_spec.rb b/spec/classes/keystone_security_compliance_spec.rb
index 4856f3f..4287476 100644
--- a/spec/classes/keystone_security_compliance_spec.rb
+++ b/spec/classes/keystone_security_compliance_spec.rb
@@ -23,9 +23,9 @@ describe 'keystone::security_compliance' do
:lockout_failure_attempts => 3,
:minimum_password_age => 4,
:password_expires_days => 5,
- :password_regex => 'SomeRegex',
- :password_regex_description => 'this is some regex',
- :unique_last_password_count => 6,
+ :password_regex => '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$',
+ :password_regex_description => 'password must be at least 7 characters long and contain 1 digit',
+ :unique_last_password_count => 2,
}
end
it 'should have configure security compliance with params' do
@@ -35,9 +35,9 @@ describe 'keystone::security_compliance' do
is_expected.to contain_keystone_config('security_compliance/lockout_failure_attempts').with_value(3)
is_expected.to contain_keystone_config('security_compliance/minimum_password_age').with_value(4)
is_expected.to contain_keystone_config('security_compliance/password_expires_days').with_value(5)
- is_expected.to contain_keystone_config('security_compliance/password_regex').with_value('SomeRegex')
- is_expected.to contain_keystone_config('security_compliance/password_regex_description').with_value('this is some regex')
- is_expected.to contain_keystone_config('security_compliance/unique_last_password_count').with_value(6)
+ is_expected.to contain_keystone_config('security_compliance/password_regex').with_value('^(?=.*\d)(?=.*[a-zA-Z]).{7,}$')
+ is_expected.to contain_keystone_config('security_compliance/password_regex_description').with_value('password must be at least 7 characters long and contain 1 digit')
+ is_expected.to contain_keystone_config('security_compliance/unique_last_password_count').with_value(2)
end
end
end
--
2.30.0


@@ -0,0 +1,43 @@
From 066421ff4de665e93923f10dc211ed465a60f30a Mon Sep 17 00:00:00 2001
From: Tyler Smith <tyler.smith@windriver.com>
Date: Wed, 10 Apr 2019 15:37:25 -0400
Subject: [PATCH 2/3] Add support for fernet receipts
---
manifests/init.pp | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index ee07bd3..0dc3fb2 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -758,18 +758,21 @@ running as a standalone service, or httpd for being run by a httpd server")
if $fernet_key_repository {
keystone_config {
- 'fernet_tokens/key_repository': value => $fernet_key_repository;
+ 'fernet_tokens/key_repository': value => $fernet_key_repository;
+ 'fernet_receipts/key_repository': value => $fernet_key_repository;
}
} else {
keystone_config {
- 'fernet_tokens/key_repository': ensure => absent;
+ 'fernet_tokens/key_repository': ensure => absent;
+ 'fernet_receipts/key_repository': ensure => absent;
}
}
keystone_config {
- 'token/revoke_by_id': value => $revoke_by_id;
- 'fernet_tokens/max_active_keys': value => $fernet_max_active_keys;
- 'credential/key_repository': value => $credential_key_repository;
+ 'token/revoke_by_id': value => $revoke_by_id;
+ 'fernet_tokens/max_active_keys': value => $fernet_max_active_keys;
+ 'fernet_receipts/max_active_keys': value => $fernet_max_active_keys;
+ 'credential/key_repository': value => $credential_key_repository;
}
# Update this code when https://bugs.launchpad.net/keystone/+bug/1472285 is addressed.
--
2.30.0
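Review bot: The parameter documentation for `$fernet_key_repository` and `$fernet_max_active_keys` should be updated, since these hunks make both values drive the `fernet_receipts/*` settings as well as `fernet_tokens/*`. Receipts and tokens then always share one key directory and one rotation limit, and an operator cannot tell that from the parameter names. I would add a line to each entry in the header of `manifests/init.pp` (outside these hunks), such as `# Also applied to [fernet_receipts] key_repository.`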


@@ -0,0 +1,76 @@
From 127b8a6d5b8845a25044f3000a8a14d032546135 Mon Sep 17 00:00:00 2001
From: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Date: Mon, 20 Sep 2021 17:25:11 +0300
Subject: [PATCH] Update Barbican admin secret's user/project IDs during
bootstrap
Adapt 0006-update-Barbican-admin-secret-s-user-project-IDs-duri.patch
from CentOS.
This will break exisiting funtionality because $dc_admin_user_id and
$dc_admin_project_id are moved to keystone::bootstrap class from
bootstrap class to keep the timing specied in the original patch.
Move is due to upsream split of init.pp.
https://github.com/openstack/puppet-keystone/commit/bc1ff1d7cb01ac02790c3302a3da6e994598d9f6
ORIGINAL MESSAGE:
In a DC system when subcloud is managed, keystone user/project IDs are
synced with Central Cloud, including admin user and project. But the
admin's secrets in Barbian still use the original user/project IDs,
causing docker registry access failure when platform-integ-apps is
reapplied.
This updated keystone admin user/project IDs to be the same as Central
Cloud right after keystone is bootstrapped during subcloud deployment.
This way any referece to admin user/project IDs after bootstrap will be
using the IDs same as Central Cloud, including the ones in Barbican.
This will solve the problem of registry access failure issue.
Closes-Bug: 1851247
Signed-off-by: Andy Ning <andy.ning@windriver.com>
END ORIGINAL MESSAGE
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
---
manifests/bootstrap.pp | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/manifests/bootstrap.pp b/manifests/bootstrap.pp
index d8db334..8a2feea 100644
--- a/manifests/bootstrap.pp
+++ b/manifests/bootstrap.pp
@@ -69,6 +69,8 @@ class keystone::bootstrap (
$internal_url = undef,
$region = 'RegionOne',
$interface = 'public',
+ $dc_admin_user_id = undef,
+ $dc_admin_project_id = undef,
) inherits keystone::params {
include keystone::deps
@@ -108,6 +110,22 @@ class keystone::bootstrap (
tag => 'keystone-bootstrap',
}
+ if $dc_admin_user_id and $dc_admin_project_id {
+ exec { 'update keystone admin assignment actor_id':
+ command => "sudo -u postgres psql -d keystone -c \"update public.assignment set actor_id='$dc_admin_user_id' from public.local_user where public.assignment.actor_id=public.local_user.user_id and public.local_user.name='admin'\"",
+ require => Exec['keystone bootstrap'],
+ }
+ -> exec { 'update keystone admin assignment target_id':
+ command => "sudo -u postgres psql -d keystone -c \"update public.assignment set target_id='$dc_admin_project_id' from public.project where public.assignment.target_id=public.project.id and public.project.name='admin'\"",
+ }
+ -> exec { 'update keystone admin user id':
+ command => "sudo -u postgres psql -d keystone -c \"update public.user set id='$dc_admin_user_id' from public.local_user where public.user.id=public.local_user.user_id and public.local_user.name='admin'\"",
+ }
+ -> exec { 'update keystone admin project id':
+ command => "sudo -u postgres psql -d keystone -c \"update public.project set id='$dc_admin_project_id' where name='admin'\"",
+ }
+ }
+
# Since the bootstrap is not guaranteed to execute on each run we
# use the below resources to make sure the current resources are
# correct so if some value was updated we set that.
--
2.34.1
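Review bot: The four `exec` resources added to `keystone::bootstrap` place `$dc_admin_user_id` and `$dc_admin_project_id` unvalidated inside a double-quoted shell command that itself wraps a quoted SQL statement, so any value containing a quote character changes the command or the SQL that runs as the `postgres` user. The class should fail early on anything that is not an ID, for example `if $dc_admin_user_id !~ /\A[0-9a-f]+\z/ { fail('dc_admin_user_id must be a hex ID') }` and the same for `$dc_admin_project_id` (assuming Keystone's hex IDs are what callers pass). The resources also carry no `unless`, `onlyif` or `refreshonly`, so all four updates run on every catalog application once the IDs are set. No `path` is given for `sudo` and `psql`, which only works if a default `Exec` path is set elsewhere.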


@@ -0,0 +1,30 @@
From 727e6cce78eaaf19c104d42088ba770c8f3e659a Mon Sep 17 00:00:00 2001
From: John Kung <john.kung@windriver.com>
Date: Tue, 25 Jan 2022 14:14:46 -0600
Subject: [PATCH] Update puppet-keystone-17.4.0 sync.pp patch
Fix syntax error in sync.pp
Story: 2009101
Task: 44357
Signed-off-by: John Kung <john.kung@windriver.com>
---
manifests/db/sync.pp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/db/sync.pp b/manifests/db/sync.pp
index 6dbc202..fbe7bc7 100644
--- a/manifests/db/sync.pp
+++ b/manifests/db/sync.pp
@@ -35,7 +35,7 @@ class keystone::db::sync(
Anchor['keystone::dbsync::begin']
],
notify => Anchor['keystone::dbsync::end'],
- tag => ['keystone-exec', 'openstack-db']
+ tag => ['keystone-exec', 'openstack-db'],
# Only do the db sync if both controllers are running the same software
# version. Avoids impacting mate controller during an upgrade.
onlyif => "test $::controller_sw_versions_match = true",
--
2.30.1


@@ -0,0 +1,42 @@
From 656ae78a46ec5137c88d817d26e1e57ccf02600e Mon Sep 17 00:00:00 2001
From: Matheus Machado Guilhermino <matheus.machadoguilhermino@windriver.com>
Date: Thu, 10 Mar 2022 16:59:35 +0000
Subject: [PATCH] Replace deprecated idle_timeout parameter
Replace idle_timeout parameter by connection_recycle_time
Signed-off-by: Matheus Machado Guilhermino <matheus.machadoguilhermino@windriver.com>
---
manifests/messaging/amqp.pp | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/manifests/messaging/amqp.pp b/manifests/messaging/amqp.pp
index 440ff97..69da95e 100644
--- a/manifests/messaging/amqp.pp
+++ b/manifests/messaging/amqp.pp
@@ -50,14 +50,14 @@ class keystone::messaging::amqp(
include keystone::deps
oslo::messaging::amqp { 'keystone_config':
- pre_settled => $amqp_pre_settled,
- idle_timeout => $amqp_idle_timeout,
- ssl_ca_file => $amqp_ssl_ca_file,
- ssl_cert_file => $amqp_ssl_cert_file,
- ssl_key_file => $amqp_ssl_key_file,
- ssl_key_password => $amqp_ssl_key_password,
- allow_insecure_clients => $amqp_allow_insecure_clients,
- sasl_mechanisms => $amqp_sasl_mechanisms,
+ pre_settled => $amqp_pre_settled,
+ connection_recycle_time => $amqp_idle_timeout,
+ ssl_ca_file => $amqp_ssl_ca_file,
+ ssl_cert_file => $amqp_ssl_cert_file,
+ ssl_key_file => $amqp_ssl_key_file,
+ ssl_key_password => $amqp_ssl_key_password,
+ allow_insecure_clients => $amqp_allow_insecure_clients,
+ sasl_mechanisms => $amqp_sasl_mechanisms,
}
}
--
2.30.2


@@ -0,0 +1,31 @@
From 781294eab3bb437195d479054777ffdc300dd243 Mon Sep 17 00:00:00 2001
From: Matheus Machado Guilhermino <matheus.machadoguilhermino@windriver.com>
Date: Thu, 21 Apr 2022 19:50:20 +0000
Subject: [PATCH] fix paths for openstack libs
openstacklib is not installed to the default directory.
This patch replaces the default path with the custom path.
Signed-off-by: Matheus Machado Guilhermino <matheus.machadoguilhermino@windriver.com>
---
lib/puppet/provider/keystone.rb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/puppet/provider/keystone.rb b/lib/puppet/provider/keystone.rb
index b0756fd..6809f7b 100644
--- a/lib/puppet/provider/keystone.rb
+++ b/lib/puppet/provider/keystone.rb
@@ -1,7 +1,7 @@
require 'puppet/util/inifile'
-require 'puppet/provider/openstack'
-require 'puppet/provider/openstack/auth'
-require 'puppet/provider/openstack/credentials'
+require File.join(File.dirname(__FILE__), '..','..','..','..', 'openstacklib/lib/puppet/provider/openstack')
+require File.join(File.dirname(__FILE__), '..','..','..','..', 'openstacklib/lib/puppet/provider/openstack/auth')
+require File.join(File.dirname(__FILE__), '..','..','..','..', 'openstacklib/lib/puppet/provider/openstack/credentials')
require File.join(File.dirname(__FILE__), '..','..', 'puppet/provider/keystone/util')
require 'hiera_puppet'
--
2.30.2


@@ -0,0 +1,37 @@
From 3140cb1a78235ac6504a97e5e3bd4fe79b455b36 Mon Sep 17 00:00:00 2001
From: Matheus Machado Guilhermino <matheus.machadoguilhermino@windriver.com>
Date: Thu, 21 Apr 2022 20:01:21 +0000
Subject: [PATCH] Replace deprecated hiera function
Replaced the deprecated 'HieraPuppet.lookup()' function with the
'puppet lookup' command.
Signed-off-by: Matheus Machado Guilhermino <matheus.machadoguilhermino@windriver.com>
---
lib/puppet/provider/keystone.rb | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/puppet/provider/keystone.rb b/lib/puppet/provider/keystone.rb
index 6809f7b..2544942 100644
--- a/lib/puppet/provider/keystone.rb
+++ b/lib/puppet/provider/keystone.rb
@@ -3,7 +3,6 @@ require File.join(File.dirname(__FILE__), '..','..','..','..', 'openstacklib/lib
require File.join(File.dirname(__FILE__), '..','..','..','..', 'openstacklib/lib/puppet/provider/openstack/auth')
require File.join(File.dirname(__FILE__), '..','..','..','..', 'openstacklib/lib/puppet/provider/openstack/credentials')
require File.join(File.dirname(__FILE__), '..','..', 'puppet/provider/keystone/util')
-require 'hiera_puppet'
class Puppet::Provider::Keystone < Puppet::Provider::Openstack
@@ -228,7 +227,7 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack
### STX Modifications (Start) ###
def self.hiera_lookup(key)
- HieraPuppet.lookup(key, :undef, self, nil, :priority)
+ %x(sudo puppet lookup #{key})[4...-1]
end
def self.initial_config_primary?
--
2.30.2
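Review bot: `self.hiera_lookup` now interpolates `key` into a command line that a shell runs under `sudo`, and it reads the answer by position with `[4...-1]`. The callers are outside this hunk, so whether `key` is always a constant cannot be confirmed here; escaping it costs one call, `%x(sudo puppet lookup #{Shellwords.escape(key)})`, with `require 'shellwords'` at the top of the file. The slice assumes a single-line `--- value` reply, so a failed lookup (empty output) returns `nil` with no error, and a multi-line value keeps its trailing lines. Checking `$?.success?` after the call and raising a `Puppet::Error` on failure would make a missing key visible.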


@@ -0,0 +1,28 @@
From 0071ccbc87326971769e207af6b6a592571e3bf1 Mon Sep 17 00:00:00 2001
From: Guilherme Schons <guilherme.dossantosschons@windriver.com>
Date: Fri, 19 May 2023 02:22:26 -0300
Subject: [PATCH] Fix hiera_lookup function to unescape characters
Fix the 'puppet lookup' command to unescape special characters.
Signed-off-by: Guilherme Schons <guilherme.dossantosschons@windriver.com>
---
lib/puppet/provider/keystone.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/puppet/provider/keystone.rb b/lib/puppet/provider/keystone.rb
index 2544942..2dd9ce9 100644
--- a/lib/puppet/provider/keystone.rb
+++ b/lib/puppet/provider/keystone.rb
@@ -227,7 +227,7 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack
### STX Modifications (Start) ###
def self.hiera_lookup(key)
- %x(sudo puppet lookup #{key})[4...-1]
+ %x(sudo puppet lookup #{key} | sed 's,\",,g')[4...-1]
end
def self.initial_config_primary?
--
2.25.1
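Review bot: The `sed 's,\",,g'` filter in `self.hiera_lookup` deletes every double quote in the lookup output, not only the pair YAML puts around the value, so a looked-up value that itself contains `"` is returned altered, and other YAML escapes such as `\\` stay escaped. Letting a YAML parser do the unquoting handles both cases and also replaces the positional `[4...-1]` slice: `YAML.safe_load(%x(sudo puppet lookup #{key}))`. That assumes the command prints a single YAML document, which the existing slice already relies on.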


@@ -0,0 +1,8 @@
0001-Adapt-first-set-of-legacy-patches.patch
0002-Add-support-for-fernet-receipts.patch
0003-Update-Barbican-admin-secret-s-user-project-IDs-duri.patch
0004-Update-puppet-keystone-sync.patch
0005-Replace-deprecated-idle_timeout-parameter.patch
0006-fix-paths-for-openstack-libs.patch
0007-Replace-deprecated-hiera-function.patch
0008-Fix-hiera_lookup-function-to-unescape-characters.patch


@@ -0,0 +1,12 @@
---
debname: puppet-module-openstacklib
debver: 17.4.0-2
dl_path:
name: puppet-module-openstacklib-17.4.0-2.tar.gz
url: https://salsa.debian.org/openstack-team/puppet/puppet-module-openstacklib/-/archive/debian/17.4.0-2/puppet-module-openstacklib-debian-17.4.0-2.tar.gz
md5sum: b7509751fe173ba20555859186fae36b
sha256sum: fbef49106a09304665b6628b9a0c5ebd08d6b9e3084535d8c138d70fc3ed46ec
revision:
dist: $STX_DIST
GITREVCOUNT:
BASE_SRCREV: cd1d5037e03638068e703c36b2536f8adf89915b


@@ -0,0 +1,88 @@
From 76473fecb52b01f122c50dba751732dfa7da2948 Mon Sep 17 00:00:00 2001
From: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Date: Mon, 20 Sep 2021 12:05:10 +0300
Subject: [PATCH] Adapt first set of legacy patches
Adapt 0001-Roll-up-TIS-patches.patch from CentOS.
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
---
lib/puppet/provider/openstack.rb | 1 +
lib/puppet/provider/openstack/auth.rb | 16 ++++++++++++++--
lib/puppet/provider/openstack/credentials.rb | 2 --
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/lib/puppet/provider/openstack.rb b/lib/puppet/provider/openstack.rb
index 3d80d68..280315c 100644
--- a/lib/puppet/provider/openstack.rb
+++ b/lib/puppet/provider/openstack.rb
@@ -45,6 +45,7 @@ class Puppet::Provider::Openstack < Puppet::Provider
begin
action = args[1]
Timeout.timeout(command_timeout(action)) do
+ args.unshift('--os-interface', 'internal')
execute([command(:openstack_command)] + args, override_locale: false, failonfail: true, combine: true)
end
rescue Timeout::Error
diff --git a/lib/puppet/provider/openstack/auth.rb b/lib/puppet/provider/openstack/auth.rb
index 743071d..4026aec 100644
--- a/lib/puppet/provider/openstack/auth.rb
+++ b/lib/puppet/provider/openstack/auth.rb
@@ -1,9 +1,19 @@
#require 'puppet/provider/openstack/credentials'
require File.join(File.dirname(__FILE__), '..','..','..', 'puppet/provider/openstack/credentials')
+require 'hiera_puppet'
module Puppet::Provider::Openstack::Auth
- RCFILENAME = "#{ENV['HOME']}/openrc"
+ RCFILENAME = "/etc/platform/openrc"
+
+ def lookup_hiera(key)
+ HieraPuppet.lookup(key, :undef, self, nil, :priority)
+ end
+
+ def get_admin_password
+ value=lookup_hiera('keystone::admin_password')
+ return value
+ end
def get_os_vars_from_env
env = {}
@@ -17,7 +27,7 @@ module Puppet::Provider::Openstack::Auth
unless rcfile.nil?
File.open(rcfile).readlines.delete_if{|l| l=~ /^#|^$/ }.each do |line|
# we only care about the OS_ vars from the file LP#1699950
- if line =~ /OS_/
+ if line =~ /OS_/ and line.include?('=')
key, value = line.split('=')
key = key.split(' ').last
value = value.chomp.gsub(/'/, '')
@@ -38,6 +48,8 @@ module Puppet::Provider::Openstack::Auth
unless @credentials.set?
@credentials.unset
set_credentials(@credentials, get_os_vars_from_rcfile(rc_filename))
+ # retrieves the password from hiera data since keyring is not yet available
+ @credentials.password = get_admin_password
end
unless @credentials.set?
raise(Puppet::Error::OpenstackAuthInputError, 'Insufficient credentials to authenticate')
diff --git a/lib/puppet/provider/openstack/credentials.rb b/lib/puppet/provider/openstack/credentials.rb
index afade9c..8f0c953 100644
--- a/lib/puppet/provider/openstack/credentials.rb
+++ b/lib/puppet/provider/openstack/credentials.rb
@@ -67,11 +67,9 @@ class Puppet::Provider::Openstack::CredentialsV3 < Puppet::Provider::Openstack::
:domain_id,
:domain_name,
:key,
- :project_domain_id,
:project_domain_name,
:project_id,
:trust_id,
- :user_domain_id,
:user_domain_name,
:user_id
]
--
2.30.0
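Review bot: In the `auth.rb` hunk at `@@ -38,6 +48,8 @@`, `@credentials.password = get_admin_password` overwrites whatever password the rc file supplied, and it does so without checking the lookup result. `lookup_hiera` passes `:undef` as the default, so a missing `keystone::admin_password` key would be stored as the password and the following `@credentials.set?` check may still pass, leaving the failure to surface later as an authentication error. I would assign only a real value, e.g. `pw = get_admin_password` followed by `@credentials.password = pw unless pw.nil? || pw == :undef`. In the rc-file hunk above it, `line.split('=')` still truncates any value that contains `=`; `line.split('=', 2)` keeps it whole.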


@@ -0,0 +1,35 @@
From 864ce60461737423b4487390dd232caecbba4985 Mon Sep 17 00:00:00 2001
From: Matheus Machado Guilhermino <matheus.machadoguilhermino@windriver.com>
Date: Thu, 21 Apr 2022 20:16:47 +0000
Subject: [PATCH] Replace deprecated hiera function
Replaced the deprecated 'HieraPuppet.lookup()' function with the
'puppet lookup' command.
Signed-off-by: Matheus Machado Guilhermino <matheus.machadoguilhermino@windriver.com>
---
lib/puppet/provider/openstack/auth.rb | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/puppet/provider/openstack/auth.rb b/lib/puppet/provider/openstack/auth.rb
index 4026aec..99a8733 100644
--- a/lib/puppet/provider/openstack/auth.rb
+++ b/lib/puppet/provider/openstack/auth.rb
@@ -1,13 +1,12 @@
#require 'puppet/provider/openstack/credentials'
require File.join(File.dirname(__FILE__), '..','..','..', 'puppet/provider/openstack/credentials')
-require 'hiera_puppet'
module Puppet::Provider::Openstack::Auth
RCFILENAME = "/etc/platform/openrc"
def lookup_hiera(key)
- HieraPuppet.lookup(key, :undef, self, nil, :priority)
+ %(sudo puppet lookup #{key})[4...-1]
end
def get_admin_password
--
2.30.2
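Review bot: In `lookup_hiera` the new line uses `%(...)`, which in Ruby is a plain string literal rather than the `%x(...)` command form, so no lookup is executed. The method returns a slice of the text `sudo puppet lookup <key>` itself, and `get_admin_password` would pass that fragment on as the admin password. The line should read `%x(sudo puppet lookup #{key})[4...-1]`, as the matching change in puppet-keystone's `keystone.rb` does, ideally with the key passed through `Shellwords.escape`. Patch 0005 of this series edits the same line and keeps `%(`, so it needs the same correction.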


@@ -0,0 +1,43 @@
From 64878063dd63cb0afd8b437554450b84fcc41604 Mon Sep 17 00:00:00 2001
From: Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>
Date: Fri, 27 May 2022 15:38:50 +0000
Subject: [PATCH] Adjust puppetlabs-postgresql version requirement
As can be verified on the module's changelog, support for Debian 11 was
added on puppetlabs-postgresql v7.4.0, which is already out of the
specified range.
Other than added functionality and fixes, here are the major changes
between v6.10.2(latest version inside of range) and v8.0.0:
v7.0.0 drops support for SLES 11 and RHEL 5, and bumps minimum Puppet
version to 6.0.0 (We are currently using Puppet 5.5.22, but it should
be noted that the minimal version was bumped up because Puppet 5 was
removed from the test cases and not because there are signs of
malfunction).
v8.0.0 drops support for CentOS 6, Debian 6, and Ubuntu 10, which is not
a problem since we are not using any of those OSs.
In conclusion, any version earlier than v7.4.0 should not be used and
there are no known disadvantages to using v8.0.0 instead of v7.4.0.
Signed-off-by: Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>
---
metadata.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/metadata.json b/metadata.json
index f26057f..6cb103f 100644
--- a/metadata.json
+++ b/metadata.json
@@ -23,7 +23,7 @@
},
{
"name": "puppetlabs/postgresql",
- "version_requirement": ">=6.4.0 <7.0.0"
+ "version_requirement": ">=6.4.0 <=8.0.0"
}
],
"description": "Puppet module library to expose common functionality between OpenStack modules.",
--
2.30.2
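Review bot: The new range `>=6.4.0 <=8.0.0` keeps the old lower bound, although the commit message concludes that no version earlier than v7.4.0 should be used. If that conclusion stands, the constraint should say so: `"version_requirement": ">=7.4.0 <=8.0.0"`. As written, a dependency resolver may still pick a 6.x release that the message describes as lacking Debian 11 support.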


@@ -0,0 +1,30 @@
From e9bc8f6deda0e76d6f02f9e19e19ef95c1aa07e1 Mon Sep 17 00:00:00 2001
From: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
Date: Wed, 19 Oct 2022 12:54:01 -0300
Subject: [PATCH] Increase timeout from 40s to 100s
This puppet module is used by the bootstrap manifest to execute
openstack commands. After the change to debian, this 40s timeout
is not enough for some types of hardware.
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
---
lib/puppet/provider/openstack.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/puppet/provider/openstack.rb b/lib/puppet/provider/openstack.rb
index 3d80d68..fe63b79 100644
--- a/lib/puppet/provider/openstack.rb
+++ b/lib/puppet/provider/openstack.rb
@@ -14,7 +14,7 @@ class Puppet::Provider::Openstack < Puppet::Provider
commands :openstack_command => 'openstack'
@@no_retry_actions = %w(create remove delete)
- @@command_timeout = 40
+ @@command_timeout = 100
# Fails on the 5th retry for a max of 212s (~3.5min) before total
# failure.
@@request_timeout = 170
--
2.17.1


@@ -0,0 +1,28 @@
From c9317e396969dbadce6d2161c0135defaff1815f Mon Sep 17 00:00:00 2001
From: Guilherme Schons <guilherme.dossantosschons@windriver.com>
Date: Fri, 19 May 2023 11:21:21 -0300
Subject: [PATCH] Fix hiera_lookup function to unescape characters
Unescape special characters from the 'puppet lookup' command return.
Signed-off-by: Guilherme Schons <guilherme.dossantosschons@windriver.com>
---
lib/puppet/provider/openstack/auth.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/puppet/provider/openstack/auth.rb b/lib/puppet/provider/openstack/auth.rb
index 99a8733..e388805 100644
--- a/lib/puppet/provider/openstack/auth.rb
+++ b/lib/puppet/provider/openstack/auth.rb
@@ -6,7 +6,7 @@ module Puppet::Provider::Openstack::Auth
RCFILENAME = "/etc/platform/openrc"
def lookup_hiera(key)
- %(sudo puppet lookup #{key})[4...-1]
+ %(sudo puppet lookup #{key} | sed 's,\",,g')[4...-1]
end
def get_admin_password
--
2.25.1


@@ -0,0 +1,30 @@
From 7954a4416c5605803df8f570148f948195bac267 Mon Sep 17 00:00:00 2001
From: Jorge Saffe <jorge.saffe@windriver.com>
Date: Thu, 19 Sep 2024 22:18:43 +0200
Subject: [PATCH 6/6] Update Postgres Auth and Password Encryption
---
manifests/db/postgresql.pp | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/manifests/db/postgresql.pp b/manifests/db/postgresql.pp
index a7ddedf..adadfb5 100644
--- a/manifests/db/postgresql.pp
+++ b/manifests/db/postgresql.pp
@@ -45,7 +45,12 @@ define openstacklib::db::postgresql (
in a future release. Use password instead')
$password_hash_real = $password_hash
} elsif $password != undef {
- $password_hash_real = postgresql::postgresql_password($user, $password)
+ $password_hash_real = postgresql::postgresql_password(
+ $user,
+ $password,
+ $password =~ Sensitive[String],
+ $postgresql::server::password_encryption,
+ )
} else {
fail('password should be set')
}
--
2.39.2
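Review bot: The new fourth argument reads `$postgresql::server::password_encryption`, but nothing in the hunk shows `openstacklib::db::postgresql` including or requiring `postgresql::server`, and the rest of the define is outside the hunk. If the define is evaluated before that class, the variable is undefined and the hash format falls back to the function's default, or compilation fails under `strict_variables`. An explicit `include postgresql::server` ahead of the call, or a define parameter that defaults to the class value, would remove the ordering dependency. The patch also has no description, so the reason for passing `$password =~ Sensitive[String]` as the third argument deserves a one-line comment above the call.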


@@ -0,0 +1,6 @@
0001-Adapt-first-set-of-legacy-patches.patch
0002-Replace-deprecated-hiera-function.patch
0003-Adjust-puppetlabs-postgresql-version-requirement.patch
0004-Increase-timeout-from-40s-to-100s.patch
0005-Fix-hiera_lookup-function-to-unescape-characters.patch
0006-Update-Postgres-Auth-and-Password-Encryption.patch


@@ -0,0 +1,11 @@
---
debname: puppet-module-oslo
debver: 17.4.0-2
dl_path:
name: puppet-module-oslo-17.4.0-2.tar.gz
url: https://salsa.debian.org/openstack-team/puppet/puppet-module-oslo/-/archive/debian/17.4.0-2/puppet-module-oslo-debian-17.4.0-2.tar.gz
md5sum: 1dc3e1b22756f9ad236458ec0e48cbd5
sha256sum: ea20d07a5919edf0e3b5700bc8c3d221cdeed3edcc5c1ffd8f235dff5dd3a13f
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true


@@ -0,0 +1,39 @@
From f692f32676c5f4cf22abc97598e049578e1e7bf7 Mon Sep 17 00:00:00 2001
From: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Date: Mon, 20 Sep 2021 13:02:19 +0300
Subject: [PATCH 1/2] Remove log_dir from conf files
Adapt 0001-Remove-log_dir-from-conf-files.patch from CentOS.
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
---
manifests/log.pp | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/manifests/log.pp b/manifests/log.pp
index 96ce363..bb6876f 100644
--- a/manifests/log.pp
+++ b/manifests/log.pp
@@ -27,9 +27,7 @@
# Defaults to $::os_service_default
#
# [*log_dir*]
-# (Optional) Directory where logs should be stored.
-# If set to $::os_service_default, it will not log to any directory.
-# Defaults to $::os_service_default
+# STX: Remove log_dir to ensure services log via syslog
#
# [*watch_log_file*]
# (Optional) Uses logging handler designed to watch file system (boolean value).
@@ -154,7 +152,7 @@ define oslo::log(
'DEFAULT/log_config_append' => { value => $log_config_append },
'DEFAULT/log_date_format' => { value => $log_date_format },
'DEFAULT/log_file' => { value => $log_file },
- 'DEFAULT/log_dir' => { value => $log_dir },
+ 'DEFAULT/log_dir' => { ensure => absent },
'DEFAULT/watch_log_file' => { value => $watch_log_file },
'DEFAULT/use_syslog' => { value => $use_syslog },
'DEFAULT/use_journal' => { value => $use_journal },
--
2.30.0
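Review bot: `'DEFAULT/log_dir' => { ensure => absent }` drops whatever the caller passed as `$log_dir`, while the `[*log_dir*]` entry stays in the docs, so the parameter presumably remains in the signature, which is outside these hunks. A caller that sets it gets no sign that the value is ignored. I would add a warning before the options hash, such as `if !is_service_default($log_dir) { warning('oslo::log: log_dir is ignored, services log via syslog') }`, and extend the doc entry to say the value is discarded.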


@@ -0,0 +1,42 @@
From fd058e19897326e31bb0c32332adc36b14d5fd22 Mon Sep 17 00:00:00 2001
From: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Date: Mon, 20 Sep 2021 13:11:39 +0300
Subject: [PATCH 2/2] Add psycopg2 drivername to postgresql settings
Adapt 0002-add-psycopg2-drivername-to-postgresql-settings.patch from
CentOS.
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
---
manifests/db.pp | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/manifests/db.pp b/manifests/db.pp
index 3fcb191..697c1d1 100644
--- a/manifests/db.pp
+++ b/manifests/db.pp
@@ -158,8 +158,11 @@ define oslo::db(
validate_legacy(Oslo::Dbconn, 'validate_re', $connection,
['^(sqlite|mysql(\+pymysql)?|postgresql(\+psycopg2)?|mongodb):\/\/(\S+:\S+@\S+\/\S+)?'])
+ # add psycopg2 drivername to postgresql if using driverless postgres setting
+ $real_connection = regsubst($connection,'^postgresql:','postgresql+psycopg2:')
+
if $manage_backend_package {
- case $connection {
+ case $real_connection {
/^mysql(\+pymysql)?:\/\//: {
require 'mysql::bindings'
require 'mysql::bindings::python'
@@ -205,7 +208,7 @@ define oslo::db(
$database_options = {
"${config_group}/sqlite_synchronous" => { value => $sqlite_synchronous },
"${config_group}/backend" => { value => $backend },
- "${config_group}/connection" => { value => $connection, secret => true },
+ "${config_group}/connection" => { value => $real_connection, secret => true },
"${config_group}/slave_connection" => { value => $slave_connection, secret => true },
"${config_group}/mysql_sql_mode" => { value => $mysql_sql_mode },
"${config_group}/connection_recycle_time" => { value => $connection_recycle_time },
--
2.30.0
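Review bot: Only `$connection` is rewritten to `postgresql+psycopg2:`; the `slave_connection` entry in the same options hash still receives `$slave_connection` unchanged, so a driverless `postgresql://` replica URL is written as-is while the primary is normalised. If the driver name matters for the primary it presumably matters for the replica too: `$real_slave_connection = regsubst($slave_connection, '^postgresql:', 'postgresql+psycopg2:')`, used in the `slave_connection` entry. The added comment could also note that `validate_legacy` still checks the original `$connection`, not the rewritten value.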


@@ -0,0 +1,26 @@
From 3e1cab8f80105f32d7bc69ccfaf485bdacdba53d Mon Sep 17 00:00:00 2001
From: Matheus Machado Guilhermino <matheus.machadoguilhermino@windriver.com>
Date: Thu, 10 Mar 2022 17:12:42 +0000
Subject: [PATCH] Deactivate deprecated 'idle_timeout' parameter
Signed-off-by: Matheus Machado Guilhermino <matheus.machadoguilhermino@windriver.com>
---
manifests/db.pp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/db.pp b/manifests/db.pp
index 697c1d1..77f9249 100644
--- a/manifests/db.pp
+++ b/manifests/db.pp
@@ -147,7 +147,7 @@ define oslo::db(
$use_tpool = $::os_service_default,
$mysql_enable_ndb = $::os_service_default,
# DEPRCATED PARAMETERS
- $idle_timeout = $::os_service_default,
+ $idle_timeout = undef,
$min_pool_size = undef,
) {
--
2.30.2


@@ -0,0 +1,3 @@
0001-Remove-log_dir-from-conf-files.patch
0002-Add-psycopg2-drivername-to-postgresql-settings.patch
0003-Deactivate-deprecated-idle_timeout-parameter.patch


@@ -0,0 +1,5 @@
puppet-boolean (2.0.2-0) unstable; urgency=medium
* Initial release
-- Dan Voiculeasa <dan.voiculeasa@windriver.com> Wed, 08 Sep 2021 11:50:43 +0000


@@ -0,0 +1,13 @@
Source: puppet-boolean
Section: admin
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13)
Standards-Version: 4.4.1
Homepage: https://www.starlingx.io
Package: puppet-boolean
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, puppet
Description: Puppet module named puppet-boolean
A Puppet module to provide boolean parameters


@@ -0,0 +1,31 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: puppet-boolean
Upstream-Contact: https://github.com/voxpupuli/
Source: https://github.com/voxpupuli/puppet-boolean
Files: *
Copyright: (C) 2012-2020 https://github.com/voxpupuli/
License: Apache-2
Upstream-Name: puppet-boolean-2.0.2
Upstream-Contact: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Source: https://opendev.org/starlingx/integ/src/branch/master/config/puppet-modules/puppet-boolean-2.0.2
Files: debian/*
Copyright: (c) 2021 Wind River Systems, Inc.
License: Apache-2
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.


@@ -0,0 +1,4 @@
lib usr/share/puppet/modules.available/puppet-boolean
LICENSE usr/share/puppet/modules.available/puppet-boolean
metadata.json usr/share/puppet/modules.available/puppet-boolean
spec usr/share/puppet/modules.available/puppet-boolean


@@ -0,0 +1,13 @@
#!/bin/sh
# see: dh_installdeb(1)
set -e
if [ "${1}" = "configure" ] ; then
update-alternatives --install /usr/share/puppet/modules/boolean puppet-module-boolean \
/usr/share/puppet/modules.available/puppet-boolean 500
fi
#DEBHELPER#
exit 0


@@ -0,0 +1,13 @@
#!/bin/sh
# see: dh_installdeb(1)
set -e
if [ "${1}" = "remove" ] || [ "${1}" = "disappear" ]; then
update-alternatives --remove puppet-module-boolean \
/usr/share/puppet/modules.available/puppet-boolean
fi
#DEBHELPER#
exit 0


@@ -0,0 +1,13 @@
#!/bin/sh
# see: dh_installdeb(1)
set -e
if [ "${1}" = "remove" ] || [ "${1}" = "upgrade" || [ "${1}" = "deconfigure" ]; then
update-alternatives --remove puppet-module-boolean \
/usr/share/puppet/modules.available/puppet-boolean
fi
#DEBHELPER#
exit 0
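Review bot: The condition in this maintainer script is missing the closing `]` on its second test: `[ "${1}" = "upgrade" || [ ...` makes `[` fail with a "missing ]" error. The `upgrade` branch therefore never matches, and the error is printed on every invocation that is not `remove`. The line should be `if [ "${1}" = "remove" ] || [ "${1}" = "upgrade" ] || [ "${1}" = "deconfigure" ]; then`. Because the failure sits inside an `||` list, `set -e` does not stop the script, so the problem is easy to miss in testing.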


@@ -0,0 +1,7 @@
#!/usr/bin/make -f
# See debhelper(7) (uncomment to enable)
# output every command that modifies files on the build system.
#export DH_VERBOSE = 1
%:
dh $@


@@ -0,0 +1 @@
3.0 (quilt)


@@ -0,0 +1,11 @@
---
debname: puppet-boolean
debver: 2.0.2-0
dl_path:
name: puppet-boolean-2.0.2-0.tar.gz
url: https://codeload.github.com/voxpupuli/puppet-boolean/tar.gz/refs/tags/v2.0.2
md5sum: c724f206a25561cadb024d6791b73eea
sha256sum: d595e4e50d7c68d8ef1366465a3e019075d5ff3b9b5a972f8340b0bb13d05934
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true


@@ -0,0 +1,5 @@
puppet-dnsmasq (1.1.0-0) unstable; urgency=medium
* Initial release
-- Dan Voiculeasa <dan.voiculeasa@windriver.com> Wed, 08 Sep 2021 11:50:43 +0000


@@ -0,0 +1,17 @@
Source: puppet-dnsmasq
Section: admin
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13)
Standards-Version: 4.4.1
Homepage: https://www.starlingx.io
Package: puppet-dnsmasq
Architecture: any
Depends: ${shlibs:Depends},
${misc:Depends},
puppet,
puppet-puppi,
puppet-module-puppetlabs-concat
Description: Puppet module named puppet-dnsmasq
A Puppet module to configure dnsmasq
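Review bot: `Architecture: any` together with `${shlibs:Depends}` describes a package with compiled, architecture-specific content, while the install list for this package on this page ships only the licence, manifests, metadata, spec files and templates. If that is the full content, `Architecture: all` with `${shlibs:Depends}` dropped from `Depends` avoids building and publishing an identical package per architecture. The puppet-drbd control file later on the page has the same two fields.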


@@ -0,0 +1,31 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: puppet-dnsmasq
Upstream-Contact: https://github.com/procore
Source: https://github.com/procore/puppet-dnsmasq
Files: *
Copyright: (C) 2013-2017 https://github.com/procore/
License: Apache-2
Upstream-Name: puppet-dnsmasq
Upstream-Contact: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Source: https://opendev.org/starlingx/integ/src/branch/master/config/puppet-modules/puppet-dnsmasq
Files: debian/*
Copyright: (c) 2021 Wind River Systems, Inc.
License: Apache-2
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.


@@ -0,0 +1,5 @@
LICENSE usr/share/puppet/modules.available/puppet-dnsmasq
manifests usr/share/puppet/modules.available/puppet-dnsmasq
metadata.json usr/share/puppet/modules.available/puppet-dnsmasq
spec usr/share/puppet/modules.available/puppet-dnsmasq
templates usr/share/puppet/modules.available/puppet-dnsmasq


@@ -0,0 +1,13 @@
#!/bin/sh
# see: dh_installdeb(1)
set -e
if [ "${1}" = "configure" ] ; then
update-alternatives --install /usr/share/puppet/modules/dnsmasq puppet-module-dnsmasq \
/usr/share/puppet/modules.available/puppet-dnsmasq 500
fi
#DEBHELPER#
exit 0


@@ -0,0 +1,13 @@
#!/bin/sh
# see: dh_installdeb(1)
set -e
if [ "${1}" = "remove" ] || [ "${1}" = "disappear" ]; then
update-alternatives --remove puppet-module-dnsmasq \
/usr/share/puppet/modules.available/puppet-dnsmasq
fi
#DEBHELPER#
exit 0


@@ -0,0 +1,13 @@
#!/bin/sh
# see: dh_installdeb(1)
set -e
if [ "${1}" = "remove" ] || [ "${1}" = "upgrade" || [ "${1}" = "deconfigure" ]; then
update-alternatives --remove puppet-module-dnsmasq \
/usr/share/puppet/modules.available/puppet-dnsmasq
fi
#DEBHELPER#
exit 0


@@ -0,0 +1,7 @@
#!/usr/bin/make -f
# See debhelper(7) (uncomment to enable)
# output every command that modifies files on the build system.
#export DH_VERBOSE = 1
%:
dh $@


@@ -0,0 +1 @@
3.0 (quilt)


@@ -0,0 +1,11 @@
---
debname: puppet-dnsmasq
debver: 1.1.0-0
dl_path:
name: puppet-dnsmasq-1.1.0-0.tar.gz
url: https://codeload.github.com/procore/puppet-dnsmasq/tar.gz/a06a9127799f7376d3df985bda346f29afa19328
md5sum: c103ed8e7fa2bc386454e03dc67fc2da
sha256sum: 7a42b71ba30aa3813a148520cb5398d5d796046fe075185ef75820ae46f98826
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true


@@ -0,0 +1,116 @@
From 7430149d3a7f1ab9f93ec863e55cdf6d96cd4f06 Mon Sep 17 00:00:00 2001
From: Al Bailey <al.bailey@windriver.com>
Date: Tue, 7 Jun 2016 10:22:23 -0400
Subject: [PATCH] puppet-dnsmasq Kilo quilt patches
---
manifests/init.pp | 8 ++++++++
manifests/params.pp | 7 +++++--
templates/dnsmasq.conf.erb | 9 ++++++---
3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 176bec7..c61fd94 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -258,6 +258,13 @@
# If you don't want dnsmasq to read /etc/hosts, set this to true.
# Default: false
#
+# [*dhcp_hostsfile*]
+# Read DHCP host information from the specified file. The file contains
+# information about one host per line. The format of a line is the same
+# as text to the right of '=' in --dhcp-host. The advantage of storing
+# DHCP host information in this file is that it can be changed without
+# re-starting dnsmasq: the file will be re-read when dnsmasq receives SIGHUP.
+#
# [*addn_hosts*]
# If you want dnsmasq to read another file/s, as well as /etc/hosts, use this.
# It can be an array of files to read. See next option to manage these files with
@@ -457,6 +464,7 @@ class dnsmasq (
$no_poll = params_lookup( 'no_poll' ),
$bind_interfaces = params_lookup( 'bind_interfaces' ),
$no_hosts = params_lookup( 'no_hosts' ),
+ $dhcp_hostsfile = params_lookup( 'dhcp_hostsfile' ),
$addn_hosts = params_lookup( 'addn_hosts' ),
$addn_hosts_dir = params_lookup( 'addn_hosts_dir' ),
$expand_hosts = params_lookup( 'expand_hosts' ),
diff --git a/manifests/params.pp b/manifests/params.pp
index 5b8f02d..6dd5b96 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -38,6 +38,7 @@ class dnsmasq::params {
$process_user = $::operatingsystem ? {
/(?i:Debian|Ubuntu|Mint)/ => 'dnsmasq',
+ /(?i:wrlinux)/ => 'root',
default => 'nobody',
}
@@ -62,7 +63,7 @@ class dnsmasq::params {
}
$config_file_init = $::operatingsystem ? {
- /(?i:Debian|Ubuntu|Mint)/ => '/etc/default/dnsmasq',
+ /(?i:Debian|Ubuntu|Mint|wrlinux)/ => '/etc/default/dnsmasq',
default => '/etc/sysconfig/dnsmasq',
}
@@ -90,6 +91,7 @@ class dnsmasq::params {
$no_poll = false
$bind_interfaces = false
$no_hosts = false
+ $dhcp_hostsfile = ''
$addn_hosts = ''
$addn_hosts_dir = ''
$expand_hosts = false
@@ -115,6 +117,7 @@ class dnsmasq::params {
}
$mx_target = ''
$localmx = false
+ $selfmx = false
$server = ''
$local = ''
$address = ''
@@ -151,7 +154,7 @@ class dnsmasq::params {
$version = 'present'
$absent = false
$disable = false
- $disableboot = false
+ $disableboot = true
### General module variables that can have a site or per module default
$monitor = false
diff --git a/templates/dnsmasq.conf.erb b/templates/dnsmasq.conf.erb
index 7bc4a03..ea5aa01 100644
--- a/templates/dnsmasq.conf.erb
+++ b/templates/dnsmasq.conf.erb
@@ -3,12 +3,12 @@
<% if scope.lookupvar('dnsmasq::port') != '' -%>
port=<%= scope.lookupvar('dnsmasq::port') %>
<% end -%>
-<% if scope.lookupvar('dnsmasq::bool_domain_need') -%>
-domain-needed
-<% end -%>
<% if scope.lookupvar('dnsmasq::bool_bogus_priv') -%>
bogus-priv
<% end -%>
+<% if scope.lookupvar('dnsmasq::bool_domain_needed') -%>
+domain-needed
+<% end -%>
<% if scope.lookupvar('dnsmasq::bool_filterwin2k') -%>
filterwin2k
<% end -%>
@@ -33,6 +33,9 @@ bind-interfaces
<% if scope.lookupvar('dnsmasq::bool_no_hosts') -%>
no-hosts
<% end -%>
+<% if scope.lookupvar('dnsmasq::dhcp_hostsfile') != '' -%>
+dhcp-hostsfile=<%= scope.lookupvar('dnsmasq::dhcp_hostsfile') %>
+<% end -%>
<% if scope.lookupvar('dnsmasq::bool_expand_hosts') -%>
expand-hosts
<% end -%>
--
1.8.3.1
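Review bot: The `params.pp` hunk adds `/(?i:wrlinux)/ => 'root'` to `$process_user`, which runs dnsmasq as root on that platform, while the Debian branch beside it uses the dedicated `dnsmasq` account and the default is `nobody`. dnsmasq parses DNS, DHCP and (when enabled) TFTP traffic from the network, so an unprivileged account limits what a parsing bug can reach. Since this package targets Debian, the `wrlinux` selectors here and in `$config_file_init` look like carried-over legacy; I would drop them, or keep the branch with a comment such as `# wrlinux: root required because <reason>`. The enclosing `class dnsmasq::params` starts and ends outside the hunks.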


@@ -0,0 +1,27 @@
From b8308a495f853d066c5c0e5d2257a070b033f626 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Tue, 5 Jul 2016 16:46:28 -0400
Subject: [PATCH] CGTS-4280: Fixing mismatched permission on dnsmasq.conf which
was set to 0640 when created from config_controller (controller-0) but was at
0644 on controller-1 through application of this manifest.
---
manifests/params.pp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/params.pp b/manifests/params.pp
index 6dd5b96..6129b57 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -51,7 +51,7 @@ class dnsmasq::params {
}
$config_file_mode = $::operatingsystem ? {
- default => '0644',
+ default => '0640',
}
$config_file_owner = $::operatingsystem ? {
--
1.8.3.1


@@ -0,0 +1,62 @@
From 017e2ed0c664fb8689f6a9c4352db740c2c39725 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Thu, 15 Sep 2016 16:49:48 -0400
Subject: [PATCH] Support management of tftp_max option
---
manifests/init.pp | 4 ++++
manifests/params.pp | 1 +
templates/dnsmasq.conf.erb | 3 +++
3 files changed, 8 insertions(+)
diff --git a/manifests/init.pp b/manifests/init.pp
index c61fd94..b66ac17 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -328,6 +328,9 @@
# Enable dnsmasq's built-in TFTP server
# Default: false
#
+# [*tftp_max*]
+# Max tftp connections
+#
# [*tftp_secure*]
# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be send over the net.
@@ -476,6 +479,7 @@ class dnsmasq (
$pxe_prompt_timeout = params_lookup( 'pxe_prompt_timeout' ),
$pxe_service = params_lookup( 'pxe_service' ),
$enable_tftp = params_lookup( 'enable_tftp' ),
+ $tftp_max = params_lookup( 'tftp_max' ),
$tftp_secure = params_lookup( 'tftp_secure' ),
$tftp_root = params_lookup( 'tftp_root' ),
$dhcp_lease_max = params_lookup( 'dhcp_lease_max' ),
diff --git a/manifests/params.pp b/manifests/params.pp
index 6129b57..845e91e 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -103,6 +103,7 @@ class dnsmasq::params {
$pxe_prompt_timeout = '60'
$pxe_service = ''
$enable_tftp = false
+ $tftp_max = ''
$tftp_secure = false
$tftp_root = ''
$dhcp_lease_max = ''
diff --git a/templates/dnsmasq.conf.erb b/templates/dnsmasq.conf.erb
index ea5aa01..6a6cbdf 100644
--- a/templates/dnsmasq.conf.erb
+++ b/templates/dnsmasq.conf.erb
@@ -60,6 +60,9 @@ pxe-service=<%= scope.lookupvar('dnsmasq::pxe_service') %>
<% if scope.lookupvar('dnsmasq::bool_enable_tftp') -%>
enable-tftp
<% end -%>
+<% if scope.lookupvar('dnsmasq::tftp_max') != '' -%>
+tftp-max=<%= scope.lookupvar('dnsmasq::tftp_max') %>
+<% end -%>
<% if scope.lookupvar('dnsmasq::bool_tftp_secure') -%>
tftp-secure
<% end -%>
--
1.8.3.1


@@ -0,0 +1,72 @@
From 35fa3c673307db2ebed20c952817608fadd26fa6 Mon Sep 17 00:00:00 2001
From: Tao Liu <tao.liu@windriver.com>
Date: Thu, 22 Jun 2017 16:33:29 -0400
Subject: [PATCH 1/1] Enable clear the DNS cache on reload
---
manifests/init.pp | 7 +++++++
manifests/params.pp | 1 +
templates/dnsmasq.conf.erb | 3 +++
3 files changed, 11 insertions(+)
diff --git a/manifests/init.pp b/manifests/init.pp
index b66ac17..93276bb 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -211,6 +211,11 @@
# bringing up the link unnecessarily.
# Default: true
#
+# [*clear_on_reload*]
+# Whenever /etc/resolv.conf is re-read or the upstream servers are set via
+# DBus, clear the DNS cache.
+# Default: true
+#
# [*filterwin2k*]
# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
@@ -460,6 +465,7 @@ class dnsmasq (
$protocol = params_lookup( 'protocol' ),
$domain_needed = params_lookup( 'domain_needed' ),
$bogus_priv = params_lookup( 'bogus_priv' ),
+ $clear_on_reload = params_lookup( 'clear_on_reload' ),
$filterwin2k = params_lookup( 'filterwin2k' ),
$resolv_file = params_lookup( 'resolv_file' ),
$strict_order = params_lookup( 'strict_order' ),
@@ -531,6 +537,7 @@ class dnsmasq (
$bool_domain_needed=any2bool($domain_needed)
$bool_bogus_priv=any2bool($bogus_priv)
+ $bool_clear_on_reload=any2bool($clear_on_reload)
$bool_filterwin2k=any2bool($filterwin2k)
$bool_strict_order=any2bool($strict_order)
$bool_no_resolv=any2bool($no_resolv)
diff --git a/manifests/params.pp b/manifests/params.pp
index 845e91e..4d8e70a 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -84,6 +84,7 @@ class dnsmasq::params {
$domain_needed = true
$bogus_priv = true
+ $clear_on_reload = true
$filterwin2k = false
$resolv_file = ''
$strict_order = false
diff --git a/templates/dnsmasq.conf.erb b/templates/dnsmasq.conf.erb
index bb8d941..109b768 100644
--- a/templates/dnsmasq.conf.erb
+++ b/templates/dnsmasq.conf.erb
@@ -9,6 +9,9 @@ bogus-priv
<% if scope.lookupvar('dnsmasq::bool_domain_needed') -%>
domain-needed
<% end -%>
+<% if scope.lookupvar('dnsmasq::bool_clear_on_reload') -%>
+clear-on-reload
+<% end -%>
<% if scope.lookupvar('dnsmasq::bool_filterwin2k') -%>
filterwin2k
<% end -%>
--
1.8.3.1


@@ -0,0 +1,4 @@
0001-puppet-dnsmasq-Kilo-quilt-patches.patch
0002-Fixing-mismatched-permission-on-dnsmasq-conf.patch
0003-Support-management-of-tftp_max-option.patch
0004-Enable-clear-DNS-cache-on-reload.patch


@@ -0,0 +1,5 @@
puppet-drbd (0.5.2-0) unstable; urgency=medium
* Initial release
-- Dan Voiculeasa <dan.voiculeasa@windriver.com> Wed, 08 Sep 2021 11:50:43 +0000


@@ -0,0 +1,17 @@
Source: puppet-drbd
Section: admin
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13)
Standards-Version: 4.4.1
Homepage: https://www.starlingx.io
Package: puppet-drbd
Architecture: any
Depends: ${shlibs:Depends},
${misc:Depends},
puppet,
puppet-module-puppetlabs-concat,
puppet-module-puppetlabs-stdlib
Description: Puppet module named puppet-drbd
A Puppet module for configuring drbd


@@ -0,0 +1,31 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: puppet-drbd
Upstream-Contact: https://github.com/voxpupuli
Source: https://github.com/voxpupuli/puppet-drbd
Files: *
Copyright: (C) 2012-2018 https://github.com/voxpupuli
License: Apache-2
Upstream-Name: puppet-drbd
Upstream-Contact: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Source: https://opendev.org/starlingx/integ/src/branch/master/config/puppet-modules/puppet-drbd-0.5.2
Files: debian/*
Copyright: (c) 2021 Wind River Systems, Inc.
License: Apache-2
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.


@@ -0,0 +1,6 @@
files usr/share/puppet/modules.available/puppet-drbd
LICENSE usr/share/puppet/modules.available/puppet-drbd
manifests usr/share/puppet/modules.available/puppet-drbd
metadata.json usr/share/puppet/modules.available/puppet-drbd
spec usr/share/puppet/modules.available/puppet-drbd
templates usr/share/puppet/modules.available/puppet-drbd


@@ -0,0 +1,13 @@
#!/bin/sh
# see: dh_installdeb(1)
set -e
if [ "${1}" = "configure" ] ; then
update-alternatives --install /usr/share/puppet/modules/drbd puppet-module-drbd \
/usr/share/puppet/modules.available/puppet-drbd 500
fi
#DEBHELPER#
exit 0


@@ -0,0 +1,13 @@
#!/bin/sh
# see: dh_installdeb(1)
set -e
if [ "${1}" = "remove" ] || [ "${1}" = "disappear" ]; then
update-alternatives --remove puppet-module-drbd \
/usr/share/puppet/modules.available/puppet-drbd
fi
#DEBHELPER#
exit 0


@@ -0,0 +1,13 @@
#!/bin/sh
# see: dh_installdeb(1)
set -e
if [ "${1}" = "remove" ] || [ "${1}" = "upgrade" || [ "${1}" = "deconfigure" ]; then
update-alternatives --remove puppet-module-drbd \
/usr/share/puppet/modules.available/puppet-drbd
fi
#DEBHELPER#
exit 0


@@ -0,0 +1,7 @@
#!/usr/bin/make -f
# See debhelper(7) (uncomment to enable)
# output every command that modifies files on the build system.
#export DH_VERBOSE = 1
%:
dh $@


@@ -0,0 +1 @@
3.0 (quilt)


@@ -0,0 +1,11 @@
---
debname: puppet-drbd
debver: 0.5.2-0
dl_path:
name: puppet-drbd-0.5.2-0.tar.gz
url: https://github.com/voxpupuli/puppet-drbd/archive/refs/tags/v0.5.2.tar.gz
md5sum: 2e828b92bac292461cd90d298fa4102f
sha256sum: 9d342c31db680503d87f3307565a2984af1b3a8f797ed4a8b778e9dd898565f1
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true


@@ -0,0 +1,420 @@
From bbe4152d4f2dc3e4286b20e164e3eccb0da4f8d2 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Wed, 4 Jan 2017 12:15:53 -0500
Subject: [PATCH] Adapt first set of legacy patches
:ORIGINAL_MESSAGE:
This patch rolls up the previous TIS patches, which includes:
1. CGTS-4787 Set DRBD service ensure parameter
2. Updates to fix DRBD resync-rate and engineered parameters:
There are several DRBD performance related parameters that must be set to
get reasonable resync performance, otherwise default resync throughput
is limited to 40MB/s. Note that user community has noted this limit
when they use default settings, or up-rev DRBD from 8.3, etc. Eg. they
realize they hit this limit despite having 10G link or better and faster
disks.
The following parameters were added to puppet-drbd module for resource
file generation, in addition to: c-plan-ahead, c-fill-target, c-min-rate,
c-max-rate, currently engineered for dynamic resync-rates.
disk section:
- 'resync-rate' (aka 'rate') was missed in the CentOS port from Kilo
- 'al-extents' set to 3389, set to a prime number. Increasing this improves
random write throughput. Could set a bit higher, but would need a study.
net section:
- 'max-buffers' engineered to scale with supported MBps, setting too low
(eg., default setting) is a bottleneck on 10G link. Set this to
maximum settable value of 20000. Note this parm may be settable to
larger values in more current DRBD rev. If we need to support faster
disks, likely need to increase this proportionately.
- 'max-epoch-size' also set to 20000. DRBD tuning recommendation page
sets this the same as max-buffers.
- 'unplug-watermark' set to 16 based on DRBD tuning recommendations page
- 'sndbuf-size' set to 0 to auto-tune; historically default was too small
- 'rcvbuf-size' set to 0 to auto-tune
:END_ORIGINGAL_MESSAGE:
Adapted for Debian from Bullseye for puppet-drbd 0.5.2.
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
---
manifests/init.pp | 11 +-
manifests/resource.pp | 139 ++++++++++++++-----
manifests/resource/up.pp | 2 +-
manifests/service.pp | 2 +-
templates/header.res.erb | 53 ++++++-
templates/primary-resource.res.erb | 2 +-
templates/primary-stacked-resource.res.erb | 2 +-
templates/resource.res.erb | 2 +-
templates/secondary-resource.res.erb | 2 +-
templates/secondary-stacked-resource.res.erb | 2 +-
10 files changed, 171 insertions(+), 46 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 09f7d48..76ce9c9 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -6,7 +6,8 @@
#
class drbd(
$service_enable = true,
- $package_name = 'drbd8-utils',
+ $service_ensure = 'running',
+ $package_name = 'drbd-utils',
) {
include ::drbd::service
@@ -22,7 +23,7 @@ class drbd(
}
File {
- mode => '0644',
+ mode => '0640',
owner => 'root',
group => 'root',
require => Package['drbd'],
@@ -45,8 +46,10 @@ class drbd(
# only allow files managed by puppet in this directory.
file { '/etc/drbd.d':
ensure => directory,
- mode => '0644',
- purge => true,
+ mode => '0640',
+ # Set purge to false so that it does not clear the dir
+ # when the 2nd drbd resource is added.
+ purge => false,
recurse => true,
force => true,
require => Package['drbd'],
diff --git a/manifests/resource.pp b/manifests/resource.pp
index e65b322..3aa382d 100644
--- a/manifests/resource.pp
+++ b/manifests/resource.pp
@@ -23,32 +23,40 @@
# [ha_primary] If the resource is being applied on the primary host.
# [initial_setup] If this run is associated with the initial setup. Allows a user
# to only perform dangerous setup on the initial run.
+# [link_util] replication link network utilization percent
+# [link_speed] replication link network speed mbps
+# [num_parallel] number of parallel drbd filesystems to sync
+# [rtt_ms] round-trip-time milliseconds (i.e., ping between replication nodes)
define drbd::resource (
- $host1 = undef,
- $host2 = undef,
- $ip1 = undef,
- $ip2 = undef,
- $res1 = undef,
- $res2 = undef,
- $cluster = undef,
- $secret = false,
- $port = '7789',
- $device = '/dev/drbd0',
- $mountpoint = "/drbd/${name}",
- $automount = true,
- $owner = 'root',
- $group = 'root',
- $protocol = 'C',
- $verify_alg = 'crc32c',
- $rate = false,
+ $host1 = undef,
+ $host2 = undef,
+ $ip1 = undef,
+ $ip2 = undef,
+ $res1 = undef,
+ $res2 = undef,
+ $cluster = undef,
+ $secret = false,
+ $port = '7789',
+ $device = '/dev/drbd0',
+ $mountpoint = "/drbd/${name}",
+ $automount = true,
+ $owner = 'root',
+ $group = 'root',
+ $protocol = 'C',
+ $verify_alg = 'crc32c',
$disk_parameters = false,
- $net_parameters = false,
- $manage = true,
- $ha_primary = false,
- $initial_setup = false,
- $fs_type = 'ext4',
- $mkfs_opts = '',
- $disk = undef,
+ $link_util = false,
+ $link_speed = false,
+ $num_parallel = false,
+ $rtt_ms = false,
+ $net_parameters = false,
+ $manage = true,
+ $ha_primary = false,
+ $initial_setup = false,
+ $fs_type = 'ext4',
+ $mkfs_opts = '',
+ $disk = undef,
+ $handlers = false,
) {
include ::drbd
@@ -69,6 +77,75 @@ define drbd::resource (
group => $group,
}
+ if $link_util and $link_speed and $num_parallel and $rtt_ms {
+ # Engineer drbd variable sync rate parameters based on the following:
+ # https://blogs.linbit.com/p/128/drbd-sync-rate-controller/
+ # https://blogs.linbit.com/p/443/drbd-sync-rate-controller-2/
+ # Methodology adapted to account for replication link speed and parallelism.
+
+ # Since there is no aggregate bandwidth control, prorate the drbd
+ # replication bandwidth based on parallelism.
+ # Based on experimentation, it seems generally better to set num_parallel
+ # to 1 and let DRBD auto-regulate its throughput. The end result is that
+ # multiple competing filesystems (i.e., on same disk device) already have
+ # their sync throughput reduced.
+ $mbps = $link_speed / $num_parallel
+
+ # bandwidth delay product
+ $bdp_k = $mbps * $rtt_ms
+
+ # engineer initial sync rate as percent of link bandwidth
+ $rate_M = floor($link_util * $mbps / 8 / 100)
+ $rate = "${rate_M}M"
+
+ # engineer c_plan_ahead to default value (tenths)
+ # Documentation indicates this value OK even for 200 ms RTT.
+ $c_plan_ahead = 20
+
+ # engineer c_fill_target as 1*BDP (tune within 1x to 3x BDP;
+ # choose minimum value that saturates bandwidth)
+ $fill_target_k = floor(1 * $bdp_k)
+ $c_fill_target = "${fill_target_k}k"
+
+ # engineer c_min_rate -- experimentally determined so DRBD is not
+ # throttled to a crawl even when there is minimal application IO.
+ # DRBD default is way too small.
+ $min_rate_M = 15 + floor($link_util * $mbps / 8 / 100 / 25)
+ $c_min_rate = "${min_rate_M}M"
+
+ # engineer c_max_rate as percent of link bandwidth
+ $max_rate_M = floor($link_util * $mbps / 8 / 100)
+ $c_max_rate = "${max_rate_M}M"
+
+ # various tuning settings to enable larger link bandwidth (eg, 10G)
+ # max_buffers should scale with MBps; set to maximum settable
+ $max_buffers = 20000
+ $max_epoch_size = 20000
+ $unplug_watermark = 16
+ # sndbuf_size and rcvbuf_size should scale with mbps; set 0 to auto-tune
+ $sndbuf_size = 0
+ $rcvbuf_size = 0
+ # increase al_extents to improve random write throughput; set to prime number
+ $al_extents = 3389
+ } else {
+ # disable variable sync rate
+ $c_plan_ahead = 0
+ $c_fill_target = false
+ $c_min_rate = false
+ $c_max_rate = false
+
+ # engineer fixed sync rate at 40 percent of 1G
+ $rate_M = floor(40 * 1000 / 8 / 100)
+ $rate = "${rate_M}M"
+
+ $max_buffers = false
+ $max_epoch_size = false
+ $unplug_watermark = false
+ $sndbuf_size = false
+ $rcvbuf_size = false
+ $al_extents = false
+ }
+
concat { "/etc/drbd.d/${name}.res":
mode => '0600',
require => [
@@ -96,13 +173,13 @@ define drbd::resource (
}
# Export our fragment for the clustered node
if $ha_primary and $cluster {
- @@concat::fragment { "${name} ${cluster} primary resource":
+ concat::fragment { "${name} ${cluster} primary resource":
target => "/etc/drbd.d/${name}.res",
content => template('drbd/resource.res.erb'),
order => '10',
}
} elsif $cluster {
- @@concat::fragment { "${name} ${cluster} secondary resource":
+ concat::fragment { "${name} ${cluster} secondary resource":
target => "/etc/drbd.d/${name}.res",
content => template('drbd/resource.res.erb'),
order => '20',
@@ -139,11 +216,11 @@ define drbd::resource (
order => '99',
}
- if $cluster {
- # Import cluster nodes
- Concat::Fragment <<| title == "${name} ${cluster} primary resource" |>>
- Concat::Fragment <<| title == "${name} ${cluster} secondary resource" |>>
- }
+# if $cluster {
+# # Import cluster nodes
+# Concat::Fragment <<| title == "${name} ${cluster} primary resource" |>>
+# Concat::Fragment <<| title == "${name} ${cluster} secondary resource" |>>
+# }
# Due to a bug in puppet, defined() conditionals must be in a defined
# resource to be evaluated *after* the collector instead of before.
diff --git a/manifests/resource/up.pp b/manifests/resource/up.pp
index 7668792..b626f55 100644
--- a/manifests/resource/up.pp
+++ b/manifests/resource/up.pp
@@ -70,7 +70,7 @@ define drbd::resource::up (
# ensure that the device is mounted
mount { $mountpoint:
ensure => mounted,
- atboot => false,
+ atboot => yes,
device => $device,
fstype => 'auto',
options => 'defaults,noauto',
diff --git a/manifests/service.pp b/manifests/service.pp
index de56b34..f9b217a 100644
--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -1,6 +1,6 @@
class drbd::service {
@service { 'drbd':
- ensure => running,
+ ensure => $drbd::service_ensure,
enable => $drbd::service_enable,
require => Package['drbd'],
restart => 'service drbd reload',
diff --git a/templates/header.res.erb b/templates/header.res.erb
index 22343aa..7ce21e7 100644
--- a/templates/header.res.erb
+++ b/templates/header.res.erb
@@ -5,7 +5,32 @@ resource <%= @name %> {
disk <%= @disk %>;
meta-disk internal;
+ disk {
+<% if @rate -%>
+ resync-rate <%= @rate %>;
+<% end -%>
+<% if @c_plan_ahead -%>
+ c-plan-ahead <%= @c_plan_ahead %>;
+<% end -%>
+<% if @c_fill_target -%>
+ c-fill-target <%= @c_fill_target %>;
+<% end -%>
+<% if @c_min_rate -%>
+ c-min-rate <%= @c_min_rate %>;
+<% end -%>
+<% if @c_max_rate -%>
+ c-max-rate <%= @c_max_rate %>;
+<% end -%>
+<% if @al_extents -%>
+ al-extents <%= @al_extents %>;
+<% end -%>
+ }
+
net {
+ after-sb-0pri discard-zero-changes;
+ after-sb-1pri discard-secondary;
+ after-sb-2pri disconnect;
+
cram-hmac-alg sha1;
<% if @secret -%>
shared-secret "<%= @secret %>";
@@ -16,12 +41,24 @@ resource <%= @name %> {
<%= k %> <%= v %>;
<% end -%>
<% end -%>
- }
- syncer {
+<% if @max_buffers -%>
+ max-buffers <%= @max_buffers %>;
+<% end -%>
+<% if @max_epoch_size -%>
+ max-epoch-size <%= @max_epoch_size %>;
+<% end -%>
+<% if @unplug_watermark -%>
+ unplug-watermark <%= @unplug_watermark %>;
+<% end -%>
+<% if @sndbuf_size -%>
+ sndbuf-size <%= @sndbuf_size %>;
+<% end -%>
+<% if @rcvbuf_size -%>
+ rcvbuf-size <%= @rcvbuf_size %>;
+<% end -%>
+<% if @verify_alg -%>
verify-alg <%= @verify_alg %>;
-<% if @rate -%>
- rate <%= @rate %>;
<% end -%>
}
<% if @disk_parameters -%>
@@ -33,3 +70,11 @@ resource <%= @name %> {
}
<% end -%>
+<% if @handlers -%>
+ handlers {
+<% @handlers.sort_by {|k, v| k}.each do |k, v| -%>
+ <%= k %> "<%= v %>";
+<% end -%>
+ }
+<% end -%>
+
diff --git a/templates/primary-resource.res.erb b/templates/primary-resource.res.erb
index f8af77e..6032fd2 100644
--- a/templates/primary-resource.res.erb
+++ b/templates/primary-resource.res.erb
@@ -1,3 +1,3 @@
on <%= @host1 %> {
- address <%= @ip1 %>:<%= @port %>;
+ address <%= IPAddr.new(@ip1).ipv6?() ? "ipv6 ["+@ip1+"]:"+@port : "ipv4 "+@ip1+":"+@port %>;
}
diff --git a/templates/primary-stacked-resource.res.erb b/templates/primary-stacked-resource.res.erb
index 7eb4dad..a22d8b3 100644
--- a/templates/primary-stacked-resource.res.erb
+++ b/templates/primary-stacked-resource.res.erb
@@ -1,3 +1,3 @@
stacked-on-top-of <%= @res1 %> {
- address <%= @ip1 %>:<%= @port %>;
+ address <%= IPAddr.new(ip1).ipv6?() ? "ipv6 ["+ip1+"]:"+port : "ipv4 "+ip1+":"+port %>;
}
diff --git a/templates/resource.res.erb b/templates/resource.res.erb
index 047877e..9dd4c4d 100644
--- a/templates/resource.res.erb
+++ b/templates/resource.res.erb
@@ -1,3 +1,3 @@
on <%= @hostname %> {
- address <%= @ipaddress %>:<%= @port %>;
+ address <%= IPAddr.new(ipaddress).ipv6?() ? "ipv6 ["+ipaddress+"]:"+@port : "ipv4 "+ipaddress+":"+port %>;
}
diff --git a/templates/secondary-resource.res.erb b/templates/secondary-resource.res.erb
index 678640a..cf2fd96 100644
--- a/templates/secondary-resource.res.erb
+++ b/templates/secondary-resource.res.erb
@@ -1,3 +1,3 @@
on <%= @host2 %> {
- address <%= @ip2 %>:<%= @port %>;
+ address <%= IPAddr.new(@ip2).ipv6?() ? "ipv6 ["+@ip2+"]:"+@port : "ipv4 "+@ip2+":"+@port %>;
}
diff --git a/templates/secondary-stacked-resource.res.erb b/templates/secondary-stacked-resource.res.erb
index 409a705..87d28f5 100644
--- a/templates/secondary-stacked-resource.res.erb
+++ b/templates/secondary-stacked-resource.res.erb
@@ -1,3 +1,3 @@
stacked-on-top-of <%= @res2 %> {
- address <%= @ip2 %>:<%= @port %>;
+ address <%= IPAddr.new(ip2).ipv6?() ? "ipv6 ["+ip2+"]:"+port : "ipv4 "+ip2+":"+port %>;
}
--
2.30.0
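Review bot: The rewritten `address` lines in the five templates mix instance variables and bare names: `primary-resource.res.erb` and `secondary-resource.res.erb` use `@ip1`/`@ip2` and `@port`, the two stacked templates use bare `ip1`/`ip2` and `port`, and `resource.res.erb` uses `ipaddress`, `@port` and `port` in one expression. As far as I know current Puppet releases no longer resolve bare names in ERB, so the stacked and clustered templates may fail to render; using the `@` form throughout, e.g. `IPAddr.new(@ip1).ipv6?() ? "ipv6 ["+@ip1+"]:"+@port : "ipv4 "+@ip1+":"+@port`, keeps them consistent. The `+@port` concatenation also assumes the port arrives as a string, as the `'7789'` default does. Separately, the `init.pp` hunk sets `purge => false` while the context comment above it still says only Puppet-managed files are allowed in `/etc/drbd.d`; with purging off, resource files left there by other means (possibly holding a `shared-secret`) are no longer cleaned up, and the comment should say so.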


@@ -0,0 +1,24 @@
From 0c36ecaef39328e85f41ebe8164dc7da5949542a Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Tue, 11 Apr 2017 11:14:25 -0400
Subject: [PATCH] Disable timeout for mkfs command
---
manifests/resource/up.pp | 1 +
1 file changed, 1 insertion(+)
diff --git a/manifests/resource/up.pp b/manifests/resource/up.pp
index b626f55..f9de8ab 100644
--- a/manifests/resource/up.pp
+++ b/manifests/resource/up.pp
@@ -54,6 +54,7 @@ define drbd::resource::up (
}
exec { "drbd_format_volume_${name}":
command => "mkfs.${fs_type} ${mkfs_opts} ${device}",
+ timeout => 0,
refreshonly => true,
require => Exec["drbd_make_primary_${name}"],
before => $before,
--
1.8.3.1
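Review bot: `timeout => 0` on the `drbd_format_volume_${name}` exec removes Puppet's exec timeout altogether, so a `mkfs` that hangs on a faulty or disconnected device blocks the agent run with no upper bound. A large finite value sized for the biggest volume expected would keep the protection while still allowing slow formats. A short comment above the line, for example `# mkfs on large DRBD volumes exceeds the default exec timeout`, would record why the default is overridden. The enclosing `drbd::resource::up` starts and ends outside the hunk.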


@@ -0,0 +1,39 @@
From a1186e3f68a338c575acdcf5cf41728a1b9ba2c1 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.Wang@windriver.com>
Date: Mon, 29 May 2017 10:20:13 -0400
Subject: [PATCH 1/1] drbd-parallel-to-serial-synchronization
---
manifests/resource.pp | 1 +
templates/header.res.erb | 3 +++
2 files changed, 4 insertions(+)
diff --git a/manifests/resource.pp b/manifests/resource.pp
index 10edc1a..d19ad8b 100644
--- a/manifests/resource.pp
+++ b/manifests/resource.pp
@@ -47,6 +47,7 @@ define drbd::resource (
$link_speed = false,
$num_parallel = false,
$rtt_ms = false,
+ $resync_after = undef,
$net_parameters = false,
$manage = true,
$ha_primary = false,
diff --git a/templates/header.res.erb b/templates/header.res.erb
index a3256a3..be53761 100644
--- a/templates/header.res.erb
+++ b/templates/header.res.erb
@@ -9,6 +9,9 @@ resource <%= @name %> {
<% if @rate -%>
resync-rate <%= @rate %>;
<% end -%>
+<% if @resync_after -%>
+ resync-after <%= @resync_after %>;
+<% end -%>
<% if @c_plan_ahead -%>
c-plan-ahead <%= @c_plan_ahead %>;
<% end -%>
--
1.8.3.1


@@ -0,0 +1,53 @@
From 132fc324c633ee95ca9ac8d00fb27fe5c4df6a3a Mon Sep 17 00:00:00 2001
From: Daniel Badea <daniel.badea@windriver.com>
Date: Tue, 30 May 2017 21:52:52 +0000
Subject: [PATCH] US-96914 reuse existing drbd-cinder resource
Trying to initialize and enable DRBD resource fails in "drbdadm
create-md" when the disk already contains meta data. In this case
"drbdadm adjust" should be called.
---
manifests/resource/up.pp | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/manifests/resource/up.pp b/manifests/resource/up.pp
index f9de8ab..160c8c2 100644
--- a/manifests/resource/up.pp
+++ b/manifests/resource/up.pp
@@ -14,7 +14,7 @@ define drbd::resource::up (
exec { "initialize DRBD metadata for ${name}":
command => "yes yes | drbdadm create-md ${name}",
onlyif => "test -e ${disk}",
- unless => "drbdadm dump-md ${name} || (drbdadm cstate ${name} | egrep -q '^(Sync|Connected|WFConnection|StandAlone|Verify)')",
+ unless => "drbdadm dump-md ${name} || (drbdadm cstate ${name} | egrep -q '^(Sync|Connected|WFConnection|StandAlone|Verify)') || (drbdadm show-gi ${name} | grep 'meta-data: need apply-al')",
before => Service['drbd'],
require => [
Exec['modprobe drbd'],
@@ -26,6 +26,7 @@ define drbd::resource::up (
exec { "enable DRBD resource ${name}":
command => "drbdadm up ${name}",
onlyif => "drbdadm dstate ${name} | egrep -q '^(Diskless/|Unconfigured|Consistent)'",
+ unless => "drbdadm show-gi ${name} | grep 'meta-data: need apply-al'",
before => Service['drbd'],
require => [
Exec["initialize DRBD metadata for ${name}"],
@@ -34,6 +35,16 @@ define drbd::resource::up (
notify => Service['drbd'],
}
+ exec { "reuse existing DRBD resoure ${name}":
+ command => "drbdadm adjust ${name}",
+ onlyif => "test -e ${disk} && (drbdadm show-gi ${name} | grep 'meta-data: need apply-al')",
+ before => Service['drbd'],
+ require => [
+ Exec['modprobe drbd'],
+ Concat["/etc/drbd.d/${name}.res"],
+ ],
+ notify => Service['drbd'],
+ }
# these resources should only be applied if we are configuring the
# primary node in our HA setup
--
1.8.3.1
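Review bot: The new `exec { "reuse existing DRBD resoure ${name}": }` in the third hunk interpolates `${disk}` and `${name}` unquoted into its `onlyif` shell string, so a value with whitespace or shell metacharacters changes the command that is run instead of failing the check. These values presumably come from trusted manifests, but quoting is cheap: `onlyif => "test -e '${disk}' && (drbdadm show-gi '${name}' | grep -q 'meta-data: need apply-al')"`. The `-q` also matches the existing `egrep -q` guards; all three added `grep` calls omit it and will write the matched line into the exec output. The title misspells "resource" as "resoure", which is worth fixing now because other resources would have to reference the exec by that exact string. The body of `drbd::resource::up` continues outside these hunks.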


@@ -0,0 +1,26 @@
From b575f4c50e8726c5f9b3227b37a4517c0bbde85c Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 2 Jun 2017 02:15:19 +0000
Subject: [PATCH] Add PausedSync states to acceptable cstate to avoid metdata
creation
---
manifests/resource/up.pp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/resource/up.pp b/manifests/resource/up.pp
index 160c8c2..3e2fdac 100644
--- a/manifests/resource/up.pp
+++ b/manifests/resource/up.pp
@@ -14,7 +14,7 @@ define drbd::resource::up (
exec { "initialize DRBD metadata for ${name}":
command => "yes yes | drbdadm create-md ${name}",
onlyif => "test -e ${disk}",
- unless => "drbdadm dump-md ${name} || (drbdadm cstate ${name} | egrep -q '^(Sync|Connected|WFConnection|StandAlone|Verify)') || (drbdadm show-gi ${name} | grep 'meta-data: need apply-al')",
+ unless => "drbdadm dump-md ${name} || (drbdadm cstate ${name} | egrep -q '^(PausedSync|Sync|Connected|WFConnection|StandAlone|Verify)') || (drbdadm show-gi ${name} | grep 'meta-data: need apply-al')",
before => Service['drbd'],
require => [
Exec['modprobe drbd'],
--
1.8.3.1
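Review bot: The `unless` on `initialize DRBD metadata for ${name}` is a hand-maintained allowlist of connection-state prefixes, and any state missing from it lets `yes yes | drbdadm create-md ${name}` proceed unless one of the other two guards fires; this change exists because `PausedSync` was one such gap. A comment above the exec would make that contract visible to the next editor, e.g. `# unless: every cstate in which metadata already exists must be listed; a missing state falls through to create-md`. Nothing in the hunk shows the list is now complete, so it is worth comparing it against the states the installed DRBD version can report. The exec continues outside the hunk.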


@@ -0,0 +1,68 @@
From 0e264e7ac2b311aa9b42b183660a07b7e4e36b11 Mon Sep 17 00:00:00 2001
From: Jim Gauld <james.gauld@windriver.com>
Date: Fri, 9 Jun 2017 14:58:23 -0400
Subject: [PATCH 1/1] CGTS-7164: Add resource options cpu-mask to affine drbd
kernel threads
This adds "options { cpu-mask <cpumask>; }" section to DRBD resource
configuration if 'cpumask' hexstring is defined. This governs kernel
threads: drbd_w_<x>, drbd_r_<x>, drbd_a_<x>.
Related notes:
- if cpumask is not specified, the kernel threads drbd_w_<x>, drbd_r_<x>,
drbd_a_<x>, and drbd_as_<x> are affined to individual cores, each <x>
on a different core.
- the remainder of the kernel threads are governed by kernel boot
argument kthread_cpus=<cpulist>. i.e., drbd-reissue, drbd<x>_submit,
jbd2/drbd<x>-8, drbd_as_<x>.
- the drbd_a_<x> and drbd_as_<x> show up when DRBD is duplex.
- the drbd_a_<x> threads have SCHED_RR scheduling policy.
---
manifests/resource.pp | 3 +++
templates/header.res.erb | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/manifests/resource.pp b/manifests/resource.pp
index d19ad8b..17e6142 100644
--- a/manifests/resource.pp
+++ b/manifests/resource.pp
@@ -26,6 +26,8 @@
# [link_speed] replication link network speed mbps
# [num_parallel] number of parallel drbd filesystems to sync
# [rtt_ms] round-trip-time milliseconds (i.e., ping between replication nodes)
+# [cpumask] cpu-affinity-mask for DRBD kernel threads (hexidecimal notation).
+# 0 means spread over all CPUs of the machine.
define drbd::resource (
$host1 = undef,
$host2 = undef,
@@ -48,6 +50,7 @@ define drbd::resource (
$num_parallel = false,
$rtt_ms = false,
$resync_after = undef,
+ $cpumask = false,
$net_parameters = false,
$manage = true,
$ha_primary = false,
diff --git a/templates/header.res.erb b/templates/header.res.erb
index be53761..df52544 100644
--- a/templates/header.res.erb
+++ b/templates/header.res.erb
@@ -29,6 +29,12 @@ resource <%= @name %> {
<% end -%>
}
+<% if @cpumask -%>
+ options {
+ cpu-mask <%= @cpumask %>;
+ }
+<% end -%>
+
net {
after-sb-0pri discard-zero-changes;
after-sb-1pri discard-secondary;
--
1.8.3.1
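Review bot: `cpu-mask <%= @cpumask %>;` in templates/header.res.erb writes the parameter into the resource file as-is, so a value containing `;`, `}` or a newline would add or close configuration statements rather than only set the mask. The hunks in manifests/resource.pp add no check for the hex string that the new comment documents. A guard in the define would enforce it: `if $cpumask and "${cpumask}" !~ /\A[0-9a-fA-F]+\z/ { fail("drbd::resource: cpumask must be a hexadecimal string") }`, using `\A`/`\z` rather than `^`/`$` so an embedded newline is rejected. The new comment also spells "hexadecimal" as "hexidecimal". The body of `drbd::resource` lies outside the hunks, so the exact placement of the check is left to the author.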
