From 8b70875adff8b23c79514d602c7aaff3224dee6c Mon Sep 17 00:00:00 2001 From: Andy Ning Date: Tue, 16 Jul 2019 13:57:52 -0400 Subject: [PATCH] dcdbsync for containerized openstack services - puppet This update contains changes to deploy and configure the dcdbsync instance for containerized openstack services, including: - Added a set of puppet modules to generate configuration file for the openstack dcdbsync instance to run on platform. - Updated dcdbsync puppet with runtime classes to be called after stx-openstack application is successfully applied to generate the configuration for openstack dcdbsync instance, and to remove the configuration file once stx-openstack is removed. The dcdbsync instance for openstack is also deprovisioned and stopped once stx-openstack is removed. - Update sm runtime puppet to provision/deprovision the openstack dcdbsync service. The overall procedure is, during stx-openstack app application, dcdbsync identities will be created in containerized keystone. After stx-openstack is successfully applied the dcdbsync runtime puppet is called to generate the configuration file for openstack dcdbsync instance with some information retrieved from helm (particularly keystone passwords). Finally sm runtime is called to bring up the dcdbsync service into running. When stx-openstack app is removed, openstack dcdbsync instance will be cleaned up with configuration file removed and service deprovisioned and stopped. Change-Id: I6119a3c37b1c534c8f8059c0939609e4f4b031b7 Story: 2004766 Task: 36104 
Signed-off-by: Andy Ning --- .../dcdbsync_openstack_config/ini_setting.rb | 37 ++++ .../puppet/type/dcdbsync_openstack_config.rb | 52 ++++++ .../src/dcdbsync/manifests/openstack_api.pp | 176 ++++++++++++++++++ .../dcdbsync/manifests/openstack_cleanup.pp | 23 +++ .../src/dcdbsync/manifests/openstack_init.pp | 78 ++++++++ .../src/dcdbsync/manifests/params.pp | 15 +- .../src/hieradata/controller.yaml | 12 +- .../modules/platform/manifests/dcdbsync.pp | 28 +++ .../src/modules/platform/manifests/sm.pp | 21 +++ 9 files changed, 432 insertions(+), 10 deletions(-) create mode 100644 modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_openstack_config/ini_setting.rb create mode 100644 modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_openstack_config.rb create mode 100644 modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_api.pp create mode 100644 modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_cleanup.pp create mode 100644 modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_init.pp diff --git a/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_openstack_config/ini_setting.rb b/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_openstack_config/ini_setting.rb new file mode 100644 index 00000000..b8a25276 --- /dev/null +++ b/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_openstack_config/ini_setting.rb 
@@ -0,0 +1,37 @@
+#
+# Files in this package are licensed under Apache; see LICENSE file.
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Jan 2019 Creation based off puppet-sysinv
+#
+
+Puppet::Type.type(:dcdbsync_openstack_config).provide(
+ :ini_setting,
+ :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
+) do
+
+ def section
+ resource[:name].split('/', 2).first
+ end
+
+ def setting
+ resource[:name].split('/', 2).last
+ end
+
+ def separator
+ '='
+ end
+
+ def self.file_path
+ '/etc/dcdbsync/dcdbsync_openstack.conf'
+ end
+
+ # added for backwards compatibility with older versions of inifile
+ def file_path
+ self.class.file_path
+ end
+
+end
diff --git a/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_openstack_config.rb b/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_openstack_config.rb
new file mode 100644
index 00000000..2cefdbc8
--- /dev/null
+++ b/modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_openstack_config.rb
@@ -0,0 +1,52 @@
+#
+# Files in this package are licensed under Apache; see LICENSE file.
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Jan 2019 Creation based off puppet-sysinv
+#
+
+Puppet::Type.newtype(:dcdbsync_openstack_config) do
+
+ ensurable
+
+ newparam(:name, :namevar => true) do
+ desc 'Section/setting name to manage from /etc/dcdbsync/dcdbsync_openstack.conf'
+ newvalues(/\S+\/\S+/)
+ end
+
+ newproperty(:value) do
+ desc 'The value of the setting to be defined.'
+ munge do |value|
+ value = value.to_s.strip
+ value.capitalize! if value =~ /^(true|false)$/i
+ value
+ end
+
+ def is_to_s( currentvalue )
+ if resource.secret?
+ return '[old secret redacted]'
+ else
+ return currentvalue
+ end
+ end
+
+ def should_to_s( newvalue )
+ if resource.secret?
+ return '[new secret redacted]'
+ else
+ return newvalue
+ end
+ end
+ end
+
+ newparam(:secret, :boolean => true) do
+ desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+
+ newvalues(:true, :false)
+
+ defaultto false
+ end
+end
diff --git a/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_api.pp b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_api.pp
new file mode 100644
index 00000000..aaae7418
--- /dev/null
+++ b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_api.pp
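Review bot: The `munge` block on `value` tests `/^(true|false)$/i`, and `^`/`$` match at line boundaries, so a multi-line value containing a line that reads `true` or `false` would have `capitalize!` applied to the whole string; `value.capitalize! if value =~ /\A(true|false)\z/i` restricts this to values that are exactly a boolean word. The name check `newvalues(/\S+\/\S+/)` is also unanchored, so a title with whitespace around a valid `section/setting` pair would presumably still pass; `newvalues(/\A\S+\/\S+\z/)` rejects those before they reach the ini file. The `secret` parameter only swaps the strings returned by `is_to_s` and `should_to_s`, and its `desc` could say so explicitly so callers do not assume the value is protected anywhere other than in the change log messages.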
@@ -0,0 +1,176 @@ +# +# Files in this package are licensed under Apache; see LICENSE file. +# +# Copyright (c) 2019 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# == Class: dcdbsync::api +# +# Setup and configure the dcdbsync API endpoint +# +# === Parameters +# +# [*keystone_password*] +# The password to use for authentication (keystone) +# +# [*keystone_enabled*] +# (optional) Use keystone for authentification +# Defaults to true +# +# [*keystone_tenant*] +# (optional) The tenant of the auth user +# Defaults to services +# +# [*keystone_user*] +# (optional) The name of the auth user +# Defaults to dcdbsync +# +# [*keystone_auth_host*] +# (optional) The keystone host +# Defaults to localhost +# +# [*keystone_auth_port*] +# (optional) The keystone auth port +# Defaults to 5000 +# +# [*keystone_auth_protocol*] +# (optional) The protocol used to access the auth host +# Defaults to http. +# +# [*keystone_auth_admin_prefix*] +# (optional) The admin_prefix used to admin endpoint of the auth host +# This allow admin auth URIs like http://auth_host:5000/keystone. +# (where '/keystone' is the admin prefix) +# Defaults to false for empty. If defined, should be a string with a +# leading '/' and no trailing '/'. +# +# [*keystone_user_domain*] +# (Optional) domain name for auth user. +# Defaults to 'Default'. +# +# [*keystone_project_domain*] +# (Optional) domain name for auth project. +# Defaults to 'Default'. +# +# [*auth_type*] +# (Optional) Authentication type to load. +# Defaults to 'password'. 
+# +# [*bind_port*] +# (optional) The dcorch dbsync api port +# Defaults to 8220 +# +# [*package_ensure*] +# (optional) The state of the package +# Defaults to present +# +# [*bind_host*] +# (optional) The dcorch dbsync api bind address +# Defaults to 0.0.0.0 +# +# [*enabled*] +# (optional) The state of the service +# Defaults to true +# + +# dcdbsync instance for containerized openstack services +class dcdbsync::openstack_api ( + $keystone_password = '', + $keystone_enabled = true, + $keystone_tenant = 'service', + $keystone_user = 'dcdbsync', + $keystone_auth_host = 'keystone.openstack.svc.cluster.local', + $keystone_auth_port = '80', + $keystone_auth_protocol = 'http', + $keystone_auth_admin_prefix = false, + $keystone_auth_uri = false, + $keystone_auth_version = false, + $keystone_identity_uri = false, + $keystone_user_domain = 'Default', + $keystone_project_domain = 'Default', + $auth_type = 'password', + $package_ensure = 'latest', + $bind_host = '0.0.0.0', + $bind_port = 8220, + $enabled = false +) { + + include dcdbsync::params + + Dcdbsync_openstack_config<||> ~> Service['dcdbsync-openstack-api'] + + dcdbsync_openstack_config { + 'DEFAULT/bind_host': value => $bind_host; + 'DEFAULT/bind_port': value => $bind_port; + } + + if $keystone_identity_uri { + dcdbsync_openstack_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; } + dcdbsync_openstack_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; } + } else { + dcdbsync_openstack_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:${keystone_auth_port}/v3"; } + } + + if $keystone_auth_uri { + dcdbsync_openstack_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; } + } else { + dcdbsync_openstack_config { + 'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:${keystone_auth_port}/v3"; + } + } + + if $keystone_auth_version { + dcdbsync_openstack_config { 
'keystone_authtoken/auth_version': value => $keystone_auth_version; } + } else { + dcdbsync_openstack_config { 'keystone_authtoken/auth_version': ensure => absent; } + } + + if $keystone_enabled { + dcdbsync_openstack_config { + 'DEFAULT/auth_strategy': value => 'keystone' ; + } + dcdbsync_openstack_config { + 'keystone_authtoken/auth_type': value => $auth_type; + 'keystone_authtoken/project_name': value => $keystone_tenant; + 'keystone_authtoken/username': value => $keystone_user; + 'keystone_authtoken/password': value => $keystone_password, secret=> true; + 'keystone_authtoken/user_domain_name': value => $keystone_user_domain; + 'keystone_authtoken/project_domain_name': value => $keystone_project_domain; + } + + if $keystone_auth_admin_prefix { + validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$') + dcdbsync_openstack_config { + 'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix; + } + } else { + dcdbsync_openstack_config { + 'keystone_authtoken/auth_admin_prefix': ensure => absent; + } + } + } + else + { + dcdbsync_openstack_config { + 'DEFAULT/auth_strategy': value => 'noauth' ; + } + } + + if $enabled { + $ensure = 'running' + } else { + $ensure = 'stopped' + } + + service { 'dcdbsync-openstack-api': + ensure => $ensure, + name => $::dcdbsync::params::api_openstack_service, + enable => $enabled, + hasstatus => true, + hasrestart => true, + tag => 'dcdbsync-openstack-api', + } + Keystone_endpoint<||> -> Service['dcdbsync-openstack-api'] +} diff --git a/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_cleanup.pp b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_cleanup.pp new file mode 100644 index 00000000..c55bd4c7 --- /dev/null +++ b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_cleanup.pp 
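Review bot: `$keystone_password` defaults to `''` and is written to `keystone_authtoken/password` whenever `$keystone_enabled` is true, so a missing hiera or helm value produces a config with an empty service password instead of a failed run; a guard at the top of the class such as `if $keystone_enabled and $keystone_password == '' { fail('dcdbsync::openstack_api: keystone_password must be set') }` would surface that. The default `auth_url`/`auth_uri` are built from `$keystone_auth_protocol = 'http'`, so the service credentials travel to keystone unencrypted unless a caller overrides the protocol or passes `$keystone_identity_uri`; a comment stating the assumption about the cluster-internal network would help. The header comment still names `dcdbsync::api` and lists defaults (localhost, 5000, `services`, `present`, `true`) that differ from the parameter list, and `$package_ensure` is not referenced in the class body.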
@@ -0,0 +1,23 @@
+#
+# Files in this package are licensed under Apache; see LICENSE file.
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Jan 2019 Creation based off puppet-sysinv
+#
+
+#
+# == Parameters
+#
+
+# cleanup openstack dcdbsync instance
+class dcdbsync::openstack_cleanup {
+
+ include dcdbsync::params
+
+ file { $::dcdbsync::params::openstack_conf_file:
+ ensure => absent,
+ }
+}
diff --git a/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_init.pp b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_init.pp
new file mode 100644
index 00000000..1fd73663
--- /dev/null
+++ b/modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_init.pp
@@ -0,0 +1,78 @@ +# +# Files in this package are licensed under Apache; see LICENSE file. +# +# Copyright (c) 2019 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Jan 2019 Creation based off puppet-sysinv +# + +# +# == Parameters +# +# [use_syslog] +# Use syslog for logging. +# (Optional) Defaults to false. +# +# [log_facility] +# Syslog facility to receive log lines. +# (Optional) Defaults to LOG_USER. + +# dcdbsync instance for containerized openstack services +class dcdbsync::openstack_init ( + $database_connection = '', + $database_idle_timeout = 3600, + $database_max_pool_size = 5, + $database_max_overflow = 10, + $package_ensure = 'present', + $use_stderr = false, + $log_file = 'dcdbsync_openstack.log', + $log_dir = '/var/log/dcdbsync', + $use_syslog = false, + $log_facility = 'LOG_USER', + $verbose = false, + $debug = false, + $region_name = 'RegionOne', +) { + + include dcdbsync::params + + file { $::dcdbsync::params::openstack_conf_file: + ensure => present, + mode => '0600', + } + + dcdbsync_openstack_config { + 'DEFAULT/verbose': value => $verbose; + 'DEFAULT/debug': value => $debug; + } + + # Automatically add psycopg2 driver to postgresql (only does this if it is missing) + $real_connection = regsubst($database_connection,'^mysql:','mysql+pymysql:') + + dcdbsync_openstack_config { + 'database/connection': value => $real_connection, secret => true; + 'database/idle_timeout': value => $database_idle_timeout; + 'database/max_pool_size': value => $database_max_pool_size; + 'database/max_overflow': value => $database_max_overflow; + } + + if $use_syslog { + dcdbsync_openstack_config { + 'DEFAULT/use_syslog': value => true; + 'DEFAULT/syslog_log_facility': value => $log_facility; + } + } else { + dcdbsync_openstack_config { + 'DEFAULT/use_syslog': value => false; + 'DEFAULT/use_stderr': value => false; + 'DEFAULT/log_file' : value => $log_file; + 'DEFAULT/log_dir' : value => $log_dir; + } + } + + dcdbsync_openstack_config { + 
'keystone_authtoken/region_name': value => $region_name; + } +} diff --git a/modules/puppet-dcdbsync/src/dcdbsync/manifests/params.pp b/modules/puppet-dcdbsync/src/dcdbsync/manifests/params.pp index 1e22b49c..9f859a21 100644 --- a/modules/puppet-dcdbsync/src/dcdbsync/manifests/params.pp +++ b/modules/puppet-dcdbsync/src/dcdbsync/manifests/params.pp @@ -11,17 +11,20 @@ class dcdbsync::params { $conf_dir = '/etc/dcdbsync' $conf_file = '/etc/dcdbsync/dcdbsync.conf' + $openstack_conf_file = '/etc/dcdbsync/dcdbsync_openstack.conf' if $::osfamily == 'Debian' { - $package_name = 'distributedcloud-dcdbsync' - $api_package = 'distributedcloud-dcdbsync' - $api_service = 'dcdbsync-api' + $package_name = 'distributedcloud-dcdbsync' + $api_package = 'distributedcloud-dcdbsync' + $api_service = 'dcdbsync-api' + $api_openstack_service = 'dcdbsync-openstack-api' } elsif($::osfamily == 'RedHat') { - $package_name = 'distributedcloud-dcdbsync' - $api_package = false - $api_service = 'dcdbsync-api' + $package_name = 'distributedcloud-dcdbsync' + $api_package = false + $api_service = 'dcdbsync-api' + $api_openstack_service = 'dcdbsync-openstack-api' } else { fail("Unsupported osfamily ${::osfamily}") diff --git a/puppet-manifests/src/hieradata/controller.yaml b/puppet-manifests/src/hieradata/controller.yaml index dc160d6d..21c538e5 100644 --- a/puppet-manifests/src/hieradata/controller.yaml +++ b/puppet-manifests/src/hieradata/controller.yaml @@ -211,10 +211,14 @@ dcmanager::use_syslog: true dcmanager::log_facility: 'local2' dcmanager::debug: false -# Dcdbsync -dbsync::use_syslog: true -dbsync::log_facility: 'local2' -dbsync::debug: false +# Dcdbsync instance for platform services +dcdbsync::use_syslog: true +dcdbsync::log_facility: 'local2' +dcdbsync::debug: false +# Dcdbsync instance for containerized openstack services +dcdbsync::openstack_init::use_syslog: true +dcdbsync::openstack_init::log_facility: 'local3' +dcdbsync::openstack_init::debug: false # FM fm::use_syslog: true 
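Review bot: In `dcdbsync::openstack_init` the `file { $::dcdbsync::params::openstack_conf_file: ... mode => '0600' }` resource has no declared relationship to the `dcdbsync_openstack_config` resources that write `database/connection` here and `keystone_authtoken/password` in `openstack_api`, so whether the file exists with mode 0600 before a secret is written depends on evaluation order rather than on a dependency. Adding `File[$::dcdbsync::params::openstack_conf_file] -> Dcdbsync_openstack_config<||>` makes the ordering explicit, and setting `owner` and `group` on the file resource would pin who can read it. The comment above `$real_connection` talks about psycopg2 and postgresql while the `regsubst` rewrites `mysql:` to `mysql+pymysql:`, so it should be corrected to describe the MySQL driver substitution. The non-syslog branch writes `'DEFAULT/use_stderr': value => false` and ignores the `$use_stderr` parameter, and the `== Parameters` header documents only `use_syslog` and `log_facility`.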
diff --git a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp index dafc15d1..789b3fba 100644 --- a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp +++ b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp @@ -1,5 +1,6 @@ class platform::dcdbsync::params ( $api_port = 8219, + $api_openstack_port = 8220, $region_name = undef, $service_create = false, $service_enabled = false, @@ -42,3 +43,30 @@ class platform::dcdbsync::api } } +class platform::dcdbsync::stx_openstack::runtime + inherits ::platform::dcdbsync::params { + if ($::platform::params::distributed_cloud_role == 'systemcontroller' or + $::platform::params::distributed_cloud_role == 'subcloud') { + if $service_create and + $::platform::params::stx_openstack_applied { + + include ::platform::network::mgmt::params + + $api_host = $::platform::network::mgmt::params::controller_address + $api_fqdn = $::platform::params::controller_hostname + $url_host = "http://${api_fqdn}:${api_openstack_port}" + + class { '::dcdbsync::openstack_init': } + class { '::dcdbsync::openstack_api': + keystone_tenant => 'service', + keystone_user_domain => 'service', + keystone_project_domain => 'service', + bind_host => $api_host, + bind_port => $api_openstack_port, + enabled => $service_enabled, + } + } else { + class { '::dcdbsync::openstack_cleanup': } + } + } +} diff --git a/puppet-manifests/src/modules/platform/manifests/sm.pp b/puppet-manifests/src/modules/platform/manifests/sm.pp index ece0fc2b..a9514eff 100644 --- a/puppet-manifests/src/modules/platform/manifests/sm.pp +++ b/puppet-manifests/src/modules/platform/manifests/sm.pp 
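Review bot: In `platform::dcdbsync::stx_openstack::runtime`, `$api_fqdn` and `$url_host` are assigned but not referenced anywhere in the visible hunk, and `$url_host` hard-codes the `http://` scheme; if nothing outside the hunk reads them they should be dropped, otherwise a comment naming the consumer would help. The `else` branch declares `::dcdbsync::openstack_cleanup` both when stx-openstack is not applied and when `$service_create` is false, and a short comment would make clear that removing the configuration file in the second case is intended. The class also lacks a header comment saying when this runtime manifest is expected to be applied.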
@@ -424,6 +424,9 @@ class platform::sm -> exec { 'Configure OpenStack - DCDBsync-API': command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"", } + -> exec { 'Configure OpenStack - DCDBsync-openstack-API': + command => "sm-configure service_instance dcdbsync-openstack-api dcdbsync-openstack-api \"config=/etc/dcdbsync/dcdbsync_openstack.conf\"", + } # Deprovision Horizon when running as a subcloud exec { 'Deprovision OpenStack - Horizon (service-group-member)': command => 'sm-deprovision service-group-member web-services horizon', @@ -891,6 +894,9 @@ class platform::sm -> exec { 'Configure OpenStack - DCDBsync-API': command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"", } + -> exec { 'Configure OpenStack - DCDBsync-openstack-API': + command => "sm-configure service_instance dcdbsync-openstack-api dcdbsync-openstack-api \"config=/etc/dcdbsync/dcdbsync_openstack.conf\"", + } } # lint:endignore:140chars @@ -955,6 +961,13 @@ class platform::sm::stx_openstack::runtime { exec { 'provision guest-agent service group member': command => 'sm-provision service-group-member controller-services guest-agent --apply' } + # Configure openstack dcdbsync for systemcontroller and subcloud + if ($::platform::params::distributed_cloud_role =='systemcontroller') or + ($::platform::params::distributed_cloud_role =='subcloud') { + exec { 'provision distributed-cloud service group member': + command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-openstack-api --apply' + } + } } else { exec { 'deprovision service group member': command => 'sm-deprovision service-group-member cloud-services dbmon --apply' 
@@ -962,6 +975,14 @@ class platform::sm::stx_openstack::runtime { exec { 'deprovision guest-agent service group member': command => 'sm-deprovision service-group-member controller-services guest-agent --apply' } + exec { 'deprovision distributed-cloud service group member': + command => 'sm-deprovision service-group-member distributed-cloud-services dcdbsync-openstack-api --apply' + } + -> exec { 'stop distributed-cloud service group member': + environment => ['OCF_FUNCTIONS_DIR=/usr/lib/ocf/lib/heartbeat/', + 'OCF_RESKEY_pid=/var/run/resource-agents/dcdbsync-openstack-api.pid'], + command => '/usr/lib/ocf/resource.d/openstack/dcdbsync-api stop', + } } }
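Review bot: The `deprovision distributed-cloud service group member` and `stop distributed-cloud service group member` execs are added to the `else` branch unconditionally, while the matching provision exec in the previous hunk sits inside the `distributed_cloud_role` check; on a system that is neither systemcontroller nor subcloud this would run `sm-deprovision` and the OCF `stop` for a member that was never provisioned. Wrapping both execs in the same condition, `if ($::platform::params::distributed_cloud_role =='systemcontroller') or ($::platform::params::distributed_cloud_role =='subcloud') { ... }`, keeps the two branches symmetric. The stop exec has no `onlyif` or `unless`, so it presumably runs on every application of this branch, and whether the agent's `stop` action is safe to repeat is not visible here. The enclosing class starts outside the hunk.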