diff --git a/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_openstack_config/ini_setting.rb b/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_openstack_config/ini_setting.rb new file mode 100644 index 000000000..b8a25276b --- /dev/null +++ b/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_openstack_config/ini_setting.rb @@ -0,0 +1,37 @@ +# +# Files in this package are licensed under Apache; see LICENSE file. +# +# Copyright (c) 2019 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Jan 2019 Creation based off puppet-sysinv +# + +Puppet::Type.type(:dcdbsync_openstack_config).provide( + :ini_setting, + :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +) do + + def section + resource[:name].split('/', 2).first + end + + def setting + resource[:name].split('/', 2).last + end + + def separator + '=' + end + + def self.file_path + '/etc/dcdbsync/dcdbsync_openstack.conf' + end + + # added for backwards compatibility with older versions of inifile + def file_path + self.class.file_path + end + +end diff --git a/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_openstack_config.rb b/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_openstack_config.rb new file mode 100644 index 000000000..2cefdbc8f --- /dev/null +++ b/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_openstack_config.rb @@ -0,0 +1,52 @@ +# +# Files in this package are licensed under Apache; see LICENSE file. +# +# Copyright (c) 2019 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Jan 2019 Creation based off puppet-sysinv +# + +Puppet::Type.newtype(:dcdbsync_openstack_config) do + + ensurable + + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from /etc/dcdbsync/dcdbsync_openstack.conf' + newvalues(/\S+\/\S+/) + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + munge do |value| + value = value.to_s.strip + value.capitalize! if value =~ /^(true|false)$/i + value + end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false + end +end diff --git a/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_api.pp b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_api.pp new file mode 100644 index 000000000..aaae74184 --- /dev/null +++ b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_api.pp @@ -0,0 +1,176 @@ +# +# Files in this package are licensed under Apache; see LICENSE file. +# +# Copyright (c) 2019 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# == Class: dcdbsync::api +# +# Setup and configure the dcdbsync API endpoint +# +# === Parameters +# +# [*keystone_password*] +# The password to use for authentication (keystone) +# +# [*keystone_enabled*] +# (optional) Use keystone for authentification +# Defaults to true +# +# [*keystone_tenant*] +# (optional) The tenant of the auth user +# Defaults to services +# +# [*keystone_user*] +# (optional) The name of the auth user +# Defaults to dcdbsync +# +# [*keystone_auth_host*] +# (optional) The keystone host +# Defaults to localhost +# +# [*keystone_auth_port*] +# (optional) The keystone auth port +# Defaults to 5000 +# +# [*keystone_auth_protocol*] +# (optional) The protocol used to access the auth host +# Defaults to http. +# +# [*keystone_auth_admin_prefix*] +# (optional) The admin_prefix used to admin endpoint of the auth host +# This allow admin auth URIs like http://auth_host:5000/keystone. +# (where '/keystone' is the admin prefix) +# Defaults to false for empty. If defined, should be a string with a +# leading '/' and no trailing '/'. +# +# [*keystone_user_domain*] +# (Optional) domain name for auth user. +# Defaults to 'Default'. +# +# [*keystone_project_domain*] +# (Optional) domain name for auth project. +# Defaults to 'Default'. +# +# [*auth_type*] +# (Optional) Authentication type to load. +# Defaults to 'password'. +# +# [*bind_port*] +# (optional) The dcorch dbsync api port +# Defaults to 8220 +# +# [*package_ensure*] +# (optional) The state of the package +# Defaults to present +# +# [*bind_host*] +# (optional) The dcorch dbsync api bind address +# Defaults to 0.0.0.0 +# +# [*enabled*] +# (optional) The state of the service +# Defaults to true +# + +# dcdbsync instance for containerized openstack services +class dcdbsync::openstack_api ( + $keystone_password = '', + $keystone_enabled = true, + $keystone_tenant = 'service', + $keystone_user = 'dcdbsync', + $keystone_auth_host = 'keystone.openstack.svc.cluster.local', + $keystone_auth_port = '80', + $keystone_auth_protocol = 'http', + $keystone_auth_admin_prefix = false, + $keystone_auth_uri = false, + $keystone_auth_version = false, + $keystone_identity_uri = false, + $keystone_user_domain = 'Default', + $keystone_project_domain = 'Default', + $auth_type = 'password', + $package_ensure = 'latest', + $bind_host = '0.0.0.0', + $bind_port = 8220, + $enabled = false +) { + + include dcdbsync::params + + Dcdbsync_openstack_config<||> ~> Service['dcdbsync-openstack-api'] + + dcdbsync_openstack_config { + 'DEFAULT/bind_host': value => $bind_host; + 'DEFAULT/bind_port': value => $bind_port; + } + + if $keystone_identity_uri { + dcdbsync_openstack_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; } + dcdbsync_openstack_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; } + } else { + dcdbsync_openstack_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:${keystone_auth_port}/v3"; } + } + + if $keystone_auth_uri { + dcdbsync_openstack_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; } + } else { + dcdbsync_openstack_config { + 'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:${keystone_auth_port}/v3"; + } + } + + if $keystone_auth_version { + dcdbsync_openstack_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; } + } else { + dcdbsync_openstack_config { 'keystone_authtoken/auth_version': ensure => absent; } + } + + if $keystone_enabled { + dcdbsync_openstack_config { + 'DEFAULT/auth_strategy': value => 'keystone' ; + } + dcdbsync_openstack_config { + 'keystone_authtoken/auth_type': value => $auth_type; + 'keystone_authtoken/project_name': value => $keystone_tenant; + 'keystone_authtoken/username': value => $keystone_user; + 'keystone_authtoken/password': value => $keystone_password, secret=> true; + 'keystone_authtoken/user_domain_name': value => $keystone_user_domain; + 'keystone_authtoken/project_domain_name': value => $keystone_project_domain; + } + + if $keystone_auth_admin_prefix { + validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$') + dcdbsync_openstack_config { + 'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix; + } + } else { + dcdbsync_openstack_config { + 'keystone_authtoken/auth_admin_prefix': ensure => absent; + } + } + } + else + { + dcdbsync_openstack_config { + 'DEFAULT/auth_strategy': value => 'noauth' ; + } + } + + if $enabled { + $ensure = 'running' + } else { + $ensure = 'stopped' + } + + service { 'dcdbsync-openstack-api': + ensure => $ensure, + name => $::dcdbsync::params::api_openstack_service, + enable => $enabled, + hasstatus => true, + hasrestart => true, + tag => 'dcdbsync-openstack-api', + } + Keystone_endpoint<||> -> Service['dcdbsync-openstack-api'] +} diff --git a/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_cleanup.pp b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_cleanup.pp new file mode 100644 index 000000000..c55bd4c7c --- /dev/null +++ b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_cleanup.pp @@ -0,0 +1,23 @@ +# +# Files in this package are licensed under Apache; see LICENSE file. +# +# Copyright (c) 2019 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Jan 2019 Creation based off puppet-sysinv +# + +# +# == Parameters +# + +# cleanup openstack dcdbsync instance +class dcdbsync::openstack_cleanup { + + include dcdbsync::params + + file { $::dcdbsync::params::openstack_conf_file: + ensure => absent, + } +} diff --git a/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_init.pp b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_init.pp new file mode 100644 index 000000000..1fd736637 --- /dev/null +++ b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_init.pp @@ -0,0 +1,78 @@ +# +# Files in this package are licensed under Apache; see LICENSE file. +# +# Copyright (c) 2019 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Jan 2019 Creation based off puppet-sysinv +# + +# +# == Parameters +# +# [use_syslog] +# Use syslog for logging. +# (Optional) Defaults to false. +# +# [log_facility] +# Syslog facility to receive log lines. +# (Optional) Defaults to LOG_USER. + +# dcdbsync instance for containerized openstack services +class dcdbsync::openstack_init ( + $database_connection = '', + $database_idle_timeout = 3600, + $database_max_pool_size = 5, + $database_max_overflow = 10, + $package_ensure = 'present', + $use_stderr = false, + $log_file = 'dcdbsync_openstack.log', + $log_dir = '/var/log/dcdbsync', + $use_syslog = false, + $log_facility = 'LOG_USER', + $verbose = false, + $debug = false, + $region_name = 'RegionOne', +) { + + include dcdbsync::params + + file { $::dcdbsync::params::openstack_conf_file: + ensure => present, + mode => '0600', + } + + dcdbsync_openstack_config { + 'DEFAULT/verbose': value => $verbose; + 'DEFAULT/debug': value => $debug; + } + + # Automatically add psycopg2 driver to postgresql (only does this if it is missing) + $real_connection = regsubst($database_connection,'^mysql:','mysql+pymysql:') + + dcdbsync_openstack_config { + 'database/connection': value => $real_connection, secret => true; + 'database/idle_timeout': value => $database_idle_timeout; + 'database/max_pool_size': value => $database_max_pool_size; + 'database/max_overflow': value => $database_max_overflow; + } + + if $use_syslog { + dcdbsync_openstack_config { + 'DEFAULT/use_syslog': value => true; + 'DEFAULT/syslog_log_facility': value => $log_facility; + } + } else { + dcdbsync_openstack_config { + 'DEFAULT/use_syslog': value => false; + 'DEFAULT/use_stderr': value => false; + 'DEFAULT/log_file' : value => $log_file; + 'DEFAULT/log_dir' : value => $log_dir; + } + } + + dcdbsync_openstack_config { + 'keystone_authtoken/region_name': value => $region_name; + } +} diff --git a/modules/puppet-dcdbsync/src/dcdbsync/manifests/params.pp b/modules/puppet-dcdbsync/src/dcdbsync/manifests/params.pp index 1e22b49c2..9f859a214 100644 --- a/modules/puppet-dcdbsync/src/dcdbsync/manifests/params.pp +++ b/modules/puppet-dcdbsync/src/dcdbsync/manifests/params.pp @@ -11,17 +11,20 @@ class dcdbsync::params { $conf_dir = '/etc/dcdbsync' $conf_file = '/etc/dcdbsync/dcdbsync.conf' + $openstack_conf_file = '/etc/dcdbsync/dcdbsync_openstack.conf' if $::osfamily == 'Debian' { - $package_name = 'distributedcloud-dcdbsync' - $api_package = 'distributedcloud-dcdbsync' - $api_service = 'dcdbsync-api' + $package_name = 'distributedcloud-dcdbsync' + $api_package = 'distributedcloud-dcdbsync' + $api_service = 'dcdbsync-api' + $api_openstack_service = 'dcdbsync-openstack-api' } elsif($::osfamily == 'RedHat') { - $package_name = 'distributedcloud-dcdbsync' - $api_package = false - $api_service = 'dcdbsync-api' + $package_name = 'distributedcloud-dcdbsync' + $api_package = false + $api_service = 'dcdbsync-api' + $api_openstack_service = 'dcdbsync-openstack-api' } else { fail("Unsupported osfamily ${::osfamily}") diff --git a/puppet-manifests/src/hieradata/controller.yaml b/puppet-manifests/src/hieradata/controller.yaml index dc160d6d1..21c538e5b 100644 --- a/puppet-manifests/src/hieradata/controller.yaml +++ b/puppet-manifests/src/hieradata/controller.yaml @@ -211,10 +211,14 @@ dcmanager::use_syslog: true dcmanager::log_facility: 'local2' dcmanager::debug: false -# Dcdbsync -dbsync::use_syslog: true -dbsync::log_facility: 'local2' -dbsync::debug: false +# Dcdbsync instance for platform services +dcdbsync::use_syslog: true +dcdbsync::log_facility: 'local2' +dcdbsync::debug: false +# Dcdbsync instance for containerized openstack services +dcdbsync::openstack_init::use_syslog: true +dcdbsync::openstack_init::log_facility: 'local3' +dcdbsync::openstack_init::debug: false # FM fm::use_syslog: true diff --git a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp index dafc15d14..789b3fbaf 100644 --- a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp +++ b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp @@ -1,5 +1,6 @@ class platform::dcdbsync::params ( $api_port = 8219, + $api_openstack_port = 8220, $region_name = undef, $service_create = false, $service_enabled = false, @@ -42,3 +43,30 @@ class platform::dcdbsync::api } } +class platform::dcdbsync::stx_openstack::runtime + inherits ::platform::dcdbsync::params { + if ($::platform::params::distributed_cloud_role == 'systemcontroller' or + $::platform::params::distributed_cloud_role == 'subcloud') { + if $service_create and + $::platform::params::stx_openstack_applied { + + include ::platform::network::mgmt::params + + $api_host = $::platform::network::mgmt::params::controller_address + $api_fqdn = $::platform::params::controller_hostname + $url_host = "http://${api_fqdn}:${api_openstack_port}" + + class { '::dcdbsync::openstack_init': } + class { '::dcdbsync::openstack_api': + keystone_tenant => 'service', + keystone_user_domain => 'service', + keystone_project_domain => 'service', + bind_host => $api_host, + bind_port => $api_openstack_port, + enabled => $service_enabled, + } + } else { + class { '::dcdbsync::openstack_cleanup': } + } + } +} diff --git a/puppet-manifests/src/modules/platform/manifests/sm.pp b/puppet-manifests/src/modules/platform/manifests/sm.pp index ece0fc2b4..a9514eff0 100644 --- a/puppet-manifests/src/modules/platform/manifests/sm.pp +++ b/puppet-manifests/src/modules/platform/manifests/sm.pp @@ -424,6 +424,9 @@ class platform::sm -> exec { 'Configure OpenStack - DCDBsync-API': command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"", } + -> exec { 'Configure OpenStack - DCDBsync-openstack-API': + command => "sm-configure service_instance dcdbsync-openstack-api dcdbsync-openstack-api \"config=/etc/dcdbsync/dcdbsync_openstack.conf\"", + } # Deprovision Horizon when running as a subcloud exec { 'Deprovision OpenStack - Horizon (service-group-member)': command => 'sm-deprovision service-group-member web-services horizon', @@ -891,6 +894,9 @@ class platform::sm -> exec { 'Configure OpenStack - DCDBsync-API': command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"", } + -> exec { 'Configure OpenStack - DCDBsync-openstack-API': + command => "sm-configure service_instance dcdbsync-openstack-api dcdbsync-openstack-api \"config=/etc/dcdbsync/dcdbsync_openstack.conf\"", + } } # lint:endignore:140chars @@ -955,6 +961,13 @@ class platform::sm::stx_openstack::runtime { exec { 'provision guest-agent service group member': command => 'sm-provision service-group-member controller-services guest-agent --apply' } + # Configure openstack dcdbsync for systemcontroller and subcloud + if ($::platform::params::distributed_cloud_role =='systemcontroller') or + ($::platform::params::distributed_cloud_role =='subcloud') { + exec { 'provision distributed-cloud service group member': + command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-openstack-api --apply' + } + } } else { exec { 'deprovision service group member': command => 'sm-deprovision service-group-member cloud-services dbmon --apply' @@ -962,6 +975,14 @@ class platform::sm::stx_openstack::runtime { exec { 'deprovision guest-agent service group member': command => 'sm-deprovision service-group-member controller-services guest-agent --apply' } + exec { 'deprovision distributed-cloud service group member': + command => 'sm-deprovision service-group-member distributed-cloud-services dcdbsync-openstack-api --apply' + } + -> exec { 'stop distributed-cloud service group member': + environment => ['OCF_FUNCTIONS_DIR=/usr/lib/ocf/lib/heartbeat/', + 'OCF_RESKEY_pid=/var/run/resource-agents/dcdbsync-openstack-api.pid'], + command => '/usr/lib/ocf/resource.d/openstack/dcdbsync-api stop', + } } }