Merge "Provision cert-alarm service and setup cert-alarm.conf"
commit
2ca5846f7c
|
@ -0,0 +1,35 @@
|
|||
#
|
||||
# Files in this package are licensed under Apache; see LICENSE file.
|
||||
#
|
||||
# Copyright (c) 2021 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
||||
Puppet::Type.type(:certalarm_config).provide(
|
||||
:ini_setting,
|
||||
:parent => Puppet::Type.type(:ini_setting).provider(:ruby)
|
||||
) do
|
||||
|
||||
def section
|
||||
resource[:name].split('/', 2).first
|
||||
end
|
||||
|
||||
def setting
|
||||
resource[:name].split('/', 2).last
|
||||
end
|
||||
|
||||
def separator
|
||||
'='
|
||||
end
|
||||
|
||||
def self.file_path
|
||||
'/etc/sysinv/cert-alarm.conf'
|
||||
end
|
||||
|
||||
# added for backwards compatibility with older versions of inifile
|
||||
def file_path
|
||||
self.class.file_path
|
||||
end
|
||||
|
||||
end
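Review bot: `self.file_path` hard-codes `'/etc/sysinv/cert-alarm.conf'`, and nothing in the file says this must stay equal to the path the manifests manage. This commit's `sysinv::params` sets `$certalarm_conf` to the same string and `sysinv::certalarm` applies `mode => '0600'` to that path, so if either side changes alone the keystone password would be written to a file the `file` resource does not cover. A comment above the method such as `# Must match $::sysinv::params::certalarm_conf, which sysinv::certalarm creates root-owned with mode 0600` would record the coupling.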
|
|
@ -0,0 +1,50 @@
|
|||
#
|
||||
# Files in this package are licensed under Apache; see LICENSE file.
|
||||
#
|
||||
# Copyright (c) 2021 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
||||
Puppet::Type.newtype(:certalarm_config) do
|
||||
|
||||
ensurable
|
||||
|
||||
newparam(:name, :namevar => true) do
|
||||
desc 'Section/setting name to manage from /etc/sysinv/cert-alarm.conf'
|
||||
newvalues(/\S+\/\S+/)
|
||||
end
|
||||
|
||||
newproperty(:value) do
|
||||
desc 'The value of the setting to be defined.'
|
||||
munge do |value|
|
||||
value = value.to_s.strip
|
||||
value.capitalize! if value =~ /^(true|false)$/i
|
||||
value
|
||||
end
|
||||
|
||||
def is_to_s( currentvalue )
|
||||
if resource.secret?
|
||||
return '[old secret redacted]'
|
||||
else
|
||||
return currentvalue
|
||||
end
|
||||
end
|
||||
|
||||
def should_to_s( newvalue )
|
||||
if resource.secret?
|
||||
return '[new secret redacted]'
|
||||
else
|
||||
return newvalue
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
newparam(:secret, :boolean => true) do
|
||||
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
|
||||
|
||||
newvalues(:true, :false)
|
||||
|
||||
defaultto false
|
||||
end
|
||||
end
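Review bot: The `newvalues(/\S+\/\S+/)` check on `name` is not anchored, so, as far as I can tell from how Puppet applies value patterns, a title only has to contain a `section/setting` substring to pass. Titles with embedded whitespace or a newline would then reach the provider's `split('/', 2)` and become part of the section or setting written to the config file; `newvalues(/\A\S+\/\S+\z/)` states the intended whole-string match. The same applies to `/^(true|false)$/i` in `munge`, where `^` and `$` match per line in Ruby and `/\A(true|false)\z/i` would match the whole value.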
|
|
@ -0,0 +1,102 @@
|
|||
#
|
||||
# Files in this package are licensed under Apache; see LICENSE file.
|
||||
#
|
||||
# Copyright (c) 2021 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
#
|
||||
class sysinv::certalarm (
|
||||
$local_keystone_password,
|
||||
$dc_keystone_password,
|
||||
$local_keystone_auth_uri = false,
|
||||
$local_keystone_identity_uri = false,
|
||||
$local_keystone_project_domain = 'Default',
|
||||
$local_keystone_tenant = 'services',
|
||||
$local_keystone_user = 'sysinv',
|
||||
$local_keystone_user_domain = 'Default',
|
||||
$local_region_name = 'RegionOne',
|
||||
|
||||
$use_syslog = false,
|
||||
$log_facility = 'LOG_USER',
|
||||
$debug = false,
|
||||
|
||||
$keystone_auth_protocol = 'http',
|
||||
$keystone_auth_host = 'localhost',
|
||||
$keystone_enabled = true,
|
||||
$keystone_interface = 'internal',
|
||||
$auth_type = 'password',
|
||||
$service_port = '5000',
|
||||
$keystone_http_connect_timeout = '10',
|
||||
$package_ensure = 'latest',
|
||||
$bind_host = '::',
|
||||
$pxeboot_host = undef,
|
||||
$enabled = true,
|
||||
) {
|
||||
include sysinv::params
|
||||
|
||||
if $::sysinv::params::certalarm_package {
|
||||
Package['certalarm'] -> Certalarm_config<||>
|
||||
package { 'certalarm':
|
||||
ensure => $package_ensure,
|
||||
name => $::sysinv::params::certalarm_package,
|
||||
}
|
||||
}
|
||||
|
||||
file { $::sysinv::params::certalarm_conf:
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
require => Package['sysinv'],
|
||||
}
|
||||
|
||||
if $local_keystone_identity_uri {
|
||||
certalarm_config {
|
||||
'keystone_authtoken/auth_url': value => $local_keystone_identity_uri;
|
||||
'keystone_authtoken/auth_uri': value => $local_keystone_identity_uri;
|
||||
}
|
||||
} else {
|
||||
certalarm_config {
|
||||
'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/";
|
||||
'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/";
|
||||
}
|
||||
}
|
||||
|
||||
certalarm_config {
|
||||
'DEFAULT/syslog_log_facility': value => $log_facility;
|
||||
'DEFAULT/use_syslog': value => $use_syslog;
|
||||
'DEFAULT/debug': value => $debug;
|
||||
'DEFAULT/logging_default_format_string': value => '%(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s';
|
||||
'DEFAULT/logging_debug_format_suffix': value => '%(pathname)s:%(lineno)d';
|
||||
}
|
||||
|
||||
certalarm_config {
|
||||
'certalarm/retry_interval': value => 600;
|
||||
'certalarm/max_retry': value => 14;
|
||||
'certalarm/audit_interval': value => 86400;
|
||||
}
|
||||
|
||||
if $keystone_enabled {
|
||||
certalarm_config {
|
||||
'DEFAULT/auth_strategy': value => 'keystone' ;
|
||||
}
|
||||
certalarm_config {
|
||||
'keystone_authtoken/auth_type': value => $auth_type;
|
||||
'keystone_authtoken/project_name': value => $local_keystone_tenant;
|
||||
'keystone_authtoken/username': value => $local_keystone_user;
|
||||
'keystone_authtoken/password': value => $local_keystone_password, secret=> true;
|
||||
'keystone_authtoken/user_domain_name': value => $local_keystone_user_domain;
|
||||
'keystone_authtoken/project_domain_name': value => $local_keystone_project_domain;
|
||||
'keystone_authtoken/interface': value => $keystone_interface;
|
||||
'keystone_authtoken/region_name': value => $local_region_name;
|
||||
}
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
certalarm_config {
|
||||
'DEFAULT/auth_strategy': value => 'noauth' ;
|
||||
}
|
||||
}
|
||||
}
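Review bot: Nothing orders `file { $::sysinv::params::certalarm_conf: ... mode => '0600' }` before the `certalarm_config` resources, so `keystone_authtoken/password` could be written by the ini_setting provider before owner and mode are set on the file (whether that happens depends on Puppet's ordering setting and the umask, neither visible here). An explicit `File[$::sysinv::params::certalarm_conf] -> Certalarm_config<||>`, placed outside the `if $::sysinv::params::certalarm_package` branch, would make the 0600 guarantee independent of manifest order. Separately, `$dc_keystone_password` is a required parameter that the visible body never uses, so every caller must supply a credential that is not consumed; it should be dropped or documented. Note also that `secret => true` only redacts the value in the change log and is set on the password entry alone.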
|
|
@ -1,7 +1,7 @@
|
|||
#
|
||||
# Files in this package are licensed under Apache; see LICENSE file.
|
||||
#
|
||||
# Copyright (c) 2013-2019 Wind River Systems, Inc.
|
||||
# Copyright (c) 2013-2021 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
@ -73,6 +73,7 @@ class sysinv (
|
|||
Package['sysinv'] -> Sysinv_config<||>
|
||||
Package['sysinv'] -> Sysinv_api_paste_ini<||>
|
||||
Package['sysinv'] -> Certmon_config<||>
|
||||
Package['sysinv'] -> Certalarm_config<||>
|
||||
|
||||
# this anchor is used to simplify the graph between sysinv components by
|
||||
# allowing a resource to serve as a point where the configuration of sysinv begins
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#
|
||||
# Files in this package are licensed under Apache; see LICENSE file.
|
||||
#
|
||||
# Copyright (c) 2013-2016 Wind River Systems, Inc.
|
||||
# Copyright (c) 2013-2021 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
@ -19,6 +19,7 @@ class sysinv::params {
|
|||
$sysinv_dir = '/etc/sysinv'
|
||||
$sysinv_conf = '/etc/sysinv/sysinv.conf'
|
||||
$certmon_conf = '/etc/sysinv/cert-mon.conf'
|
||||
$certalarm_conf = '/etc/sysinv/cert-alarm.conf'
|
||||
$sysinv_paste_api_ini = '/etc/sysinv/api-paste.ini'
|
||||
|
||||
if $::osfamily == 'Debian' {
|
||||
|
@ -31,6 +32,7 @@ class sysinv::params {
|
|||
$agent_package = 'sysinv'
|
||||
$agent_service = 'sysinv-agent'
|
||||
$certmon_package = 'cert-mon'
|
||||
$certalarm_package = 'cert-alarm'
|
||||
$db_sync_command = 'sysinv-dbsync'
|
||||
|
||||
} elsif($::osfamily == 'RedHat') {
|
||||
|
@ -44,6 +46,7 @@ class sysinv::params {
|
|||
$agent_package = false
|
||||
$agent_service = 'sysinv-agent'
|
||||
$certmon_package = false
|
||||
$certalarm_package = false
|
||||
$db_sync_command = 'sysinv-dbsync'
|
||||
|
||||
} elsif($::osfamily == 'WRLinux') {
|
||||
|
@ -57,6 +60,7 @@ class sysinv::params {
|
|||
$agent_package = false
|
||||
$agent_service = 'sysinv-agent'
|
||||
$certmon_package = false
|
||||
$certalarm_package = false
|
||||
$db_sync_command = 'sysinv-dbsync'
|
||||
|
||||
} else {
|
||||
|
|
|
@ -148,6 +148,10 @@ sysinv::certmon::use_syslog: true
|
|||
sysinv::certmon::log_facility: 'local6'
|
||||
sysinv::certmon::debug: false
|
||||
|
||||
# cert-alarm
|
||||
sysinv::certalarm::use_syslog: true
|
||||
sysinv::certalarm::log_facility: 'local6'
|
||||
sysinv::certalarm::debug: false
|
||||
|
||||
# nfvi
|
||||
nfv::nfvi::infrastructure_rest_api_data_port_fault_handling_enabled: false
|
||||
|
|
|
@ -82,6 +82,7 @@ include ::platform::dcorch::engine
|
|||
include ::platform::dcorch::api_proxy
|
||||
include ::platform::dcmanager::api
|
||||
include ::platform::certmon
|
||||
include ::platform::certalarm
|
||||
|
||||
include ::platform::dcdbsync
|
||||
include ::platform::dcdbsync::api
|
||||
|
|
|
@ -93,6 +93,7 @@ include ::platform::dcorch::engine
|
|||
include ::platform::dcorch::api_proxy
|
||||
include ::platform::dcmanager::api
|
||||
include ::platform::certmon
|
||||
include ::platform::certalarm
|
||||
|
||||
include ::platform::dcdbsync
|
||||
include ::platform::dcdbsync::api
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
class platform::certalarm {
|
||||
include ::sysinv::certalarm
|
||||
}
|
|
@ -776,6 +776,9 @@ class platform::sm
|
|||
-> exec { 'Provision cert-mon service in controller-services group':
|
||||
command => 'sm-provision service-group-member controller-services cert-mon'
|
||||
}
|
||||
-> exec { 'Provision cert-alarm service in controller-services group':
|
||||
command => 'sm-provision service-group-member controller-services cert-alarm'
|
||||
}
|
||||
|
||||
|
||||
# On an AIO-DX system, cephmon DRBD must always be configured, even
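Review bot: The added `exec { 'Provision cert-alarm service in controller-services group': ... }` has no `unless`, `onlyif` or `refreshonly`, so it runs `sm-provision` on every apply of this class; whether that is harmless depends on sm-provision being idempotent, which the hunk does not show. It copies the cert-mon exec directly above it, so the same applies there. The command is also unqualified and presumably relies on an `Exec` path default set outside the hunk. A guard, or a short comment such as `# sm-provision is idempotent; safe to re-run on every apply` if that is the case, would make the intent explicit. The resource chain this exec joins starts and ends outside the hunk.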
|
||||
|
|