dcdbsync for containerized openstack services - puppet

This update contains changes to deploy and config the dcdbsync instance
for containerized openstack services, including:

- Added a set of puppet modules to generate configuration file for the
  openstack dcdbsync instance to run on platform.
- Updated dcdbsync puppet with runtime classes to be called after
  stx-openstack application is succussfully applied to generate the
  configuration for openstack dcdbsync instance, and to remove the
  configuration file once stx-openstack is removed. The dcdbsync
  instance for openstack is also deprovisioned and stopped once
  stx-openstack is removed.
- Update sm runtime puppet to provision/deprovision the openstack
  dcdbsync service.

The overall procedure is: while the stx-openstack app is being applied,
dcdbsync identities are created in containerized keystone. After
stx-openstack is successfully applied, the dcdbsync runtime puppet is
called to generate the configuration file for the openstack dcdbsync
instance with some information retrieved from helm (particularly
keystone passwords). Finally, sm runtime is called to bring the
dcdbsync service up and running. When the stx-openstack app is removed,
the openstack dcdbsync instance is cleaned up: its configuration file is
removed and the service is deprovisioned and stopped.

Change-Id: I6119a3c37b1c534c8f8059c0939609e4f4b031b7
Story: 2004766
Task: 36104
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Andy Ning 2019-07-16 13:57:52 -04:00
parent ecdc0fd5d9
commit 8b70875adf
9 changed files with 432 additions and 10 deletions


@ -0,0 +1,37 @@
#
# Files in this package are licensed under Apache; see LICENSE file.
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Jan 2019 Creation based off puppet-sysinv
#
Puppet::Type.type(:dcdbsync_openstack_config).provide(
:ini_setting,
:parent => Puppet::Type.type(:ini_setting).provider(:ruby)
) do
def section
resource[:name].split('/', 2).first
end
def setting
resource[:name].split('/', 2).last
end
def separator
'='
end
def self.file_path
'/etc/dcdbsync/dcdbsync_openstack.conf'
end
# added for backwards compatibility with older versions of inifile
def file_path
self.class.file_path
end
end


@ -0,0 +1,52 @@
#
# Files in this package are licensed under Apache; see LICENSE file.
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Jan 2019 Creation based off puppet-sysinv
#
Puppet::Type.newtype(:dcdbsync_openstack_config) do
ensurable
newparam(:name, :namevar => true) do
desc 'Section/setting name to manage from /etc/dcdbsync/dcdbsync_openstack.conf'
newvalues(/\S+\/\S+/)
end
newproperty(:value) do
desc 'The value of the setting to be defined.'
munge do |value|
value = value.to_s.strip
value.capitalize! if value =~ /^(true|false)$/i
value
end
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
end
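Review bot: The boolean check in `munge` uses line anchors, so `value =~ /^(true|false)$/i` also matches a multi-line value in which only one line reads true or false, and `capitalize!` then lower-cases everything after the first character of that value. `value.capitalize! if value =~ /\A(true|false)\z/i` limits the rewrite to values that are exactly a boolean. The name pattern `newvalues(/\S+\/\S+/)` is unanchored as well; `/\A\S+\/\S+\z/` would state the section/setting shape explicitly. The redaction in `is_to_s` and `should_to_s` only applies when the caller sets `secret => true`, which is worth one sentence in the `desc` of the `secret` param.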


@ -0,0 +1,176 @@
#
# Files in this package are licensed under Apache; see LICENSE file.
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# == Class: dcdbsync::api
#
# Setup and configure the dcdbsync API endpoint
#
# === Parameters
#
# [*keystone_password*]
# The password to use for authentication (keystone)
#
# [*keystone_enabled*]
# (optional) Use keystone for authentification
# Defaults to true
#
# [*keystone_tenant*]
# (optional) The tenant of the auth user
# Defaults to services
#
# [*keystone_user*]
# (optional) The name of the auth user
# Defaults to dcdbsync
#
# [*keystone_auth_host*]
# (optional) The keystone host
# Defaults to localhost
#
# [*keystone_auth_port*]
# (optional) The keystone auth port
# Defaults to 5000
#
# [*keystone_auth_protocol*]
# (optional) The protocol used to access the auth host
# Defaults to http.
#
# [*keystone_auth_admin_prefix*]
# (optional) The admin_prefix used to admin endpoint of the auth host
# This allow admin auth URIs like http://auth_host:5000/keystone.
# (where '/keystone' is the admin prefix)
# Defaults to false for empty. If defined, should be a string with a
# leading '/' and no trailing '/'.
#
# [*keystone_user_domain*]
# (Optional) domain name for auth user.
# Defaults to 'Default'.
#
# [*keystone_project_domain*]
# (Optional) domain name for auth project.
# Defaults to 'Default'.
#
# [*auth_type*]
# (Optional) Authentication type to load.
# Defaults to 'password'.
#
# [*bind_port*]
# (optional) The dcorch dbsync api port
# Defaults to 8220
#
# [*package_ensure*]
# (optional) The state of the package
# Defaults to present
#
# [*bind_host*]
# (optional) The dcorch dbsync api bind address
# Defaults to 0.0.0.0
#
# [*enabled*]
# (optional) The state of the service
# Defaults to true
#
# dcdbsync instance for containerized openstack services
class dcdbsync::openstack_api (
$keystone_password = '',
$keystone_enabled = true,
$keystone_tenant = 'service',
$keystone_user = 'dcdbsync',
$keystone_auth_host = 'keystone.openstack.svc.cluster.local',
$keystone_auth_port = '80',
$keystone_auth_protocol = 'http',
$keystone_auth_admin_prefix = false,
$keystone_auth_uri = false,
$keystone_auth_version = false,
$keystone_identity_uri = false,
$keystone_user_domain = 'Default',
$keystone_project_domain = 'Default',
$auth_type = 'password',
$package_ensure = 'latest',
$bind_host = '0.0.0.0',
$bind_port = 8220,
$enabled = false
) {
include dcdbsync::params
Dcdbsync_openstack_config<||> ~> Service['dcdbsync-openstack-api']
dcdbsync_openstack_config {
'DEFAULT/bind_host': value => $bind_host;
'DEFAULT/bind_port': value => $bind_port;
}
if $keystone_identity_uri {
dcdbsync_openstack_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; }
dcdbsync_openstack_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; }
} else {
dcdbsync_openstack_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:${keystone_auth_port}/v3"; }
}
if $keystone_auth_uri {
dcdbsync_openstack_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; }
} else {
dcdbsync_openstack_config {
'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:${keystone_auth_port}/v3";
}
}
if $keystone_auth_version {
dcdbsync_openstack_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; }
} else {
dcdbsync_openstack_config { 'keystone_authtoken/auth_version': ensure => absent; }
}
if $keystone_enabled {
dcdbsync_openstack_config {
'DEFAULT/auth_strategy': value => 'keystone' ;
}
dcdbsync_openstack_config {
'keystone_authtoken/auth_type': value => $auth_type;
'keystone_authtoken/project_name': value => $keystone_tenant;
'keystone_authtoken/username': value => $keystone_user;
'keystone_authtoken/password': value => $keystone_password, secret=> true;
'keystone_authtoken/user_domain_name': value => $keystone_user_domain;
'keystone_authtoken/project_domain_name': value => $keystone_project_domain;
}
if $keystone_auth_admin_prefix {
validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$')
dcdbsync_openstack_config {
'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix;
}
} else {
dcdbsync_openstack_config {
'keystone_authtoken/auth_admin_prefix': ensure => absent;
}
}
}
else
{
dcdbsync_openstack_config {
'DEFAULT/auth_strategy': value => 'noauth' ;
}
}
if $enabled {
$ensure = 'running'
} else {
$ensure = 'stopped'
}
service { 'dcdbsync-openstack-api':
ensure => $ensure,
name => $::dcdbsync::params::api_openstack_service,
enable => $enabled,
hasstatus => true,
hasrestart => true,
tag => 'dcdbsync-openstack-api',
}
Keystone_endpoint<||> -> Service['dcdbsync-openstack-api']
}
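Review bot: `$keystone_password` defaults to `''` and is written to `keystone_authtoken/password` with no check, so a missing hiera or helm value produces a config with an empty service password instead of a failed run. A guard at the top of the class body such as `if $keystone_enabled and empty($keystone_password) { fail('dcdbsync::openstack_api: keystone_password must be set') }` would surface that. The `else` branch that sets `DEFAULT/auth_strategy` to `noauth`, together with the `0.0.0.0` default for `bind_host`, leaves the API unauthenticated on every interface if a caller passes `keystone_enabled => false`; the header should say so. The header also still names `dcdbsync::api` and documents defaults (`services`, `localhost`, `5000`, `present`, `true`) that differ from the parameter list (`service`, `keystone.openstack.svc.cluster.local`, `'80'`, `latest`, `false`). `$package_ensure` is not used anywhere in the visible body.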


@ -0,0 +1,23 @@
#
# Files in this package are licensed under Apache; see LICENSE file.
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Jan 2019 Creation based off puppet-sysinv
#
#
# == Parameters
#
# cleanup openstack dcdbsync instance
class dcdbsync::openstack_cleanup {
include dcdbsync::params
file { $::dcdbsync::params::openstack_conf_file:
ensure => absent,
}
}


@ -0,0 +1,78 @@
#
# Files in this package are licensed under Apache; see LICENSE file.
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Jan 2019 Creation based off puppet-sysinv
#
#
# == Parameters
#
# [use_syslog]
# Use syslog for logging.
# (Optional) Defaults to false.
#
# [log_facility]
# Syslog facility to receive log lines.
# (Optional) Defaults to LOG_USER.
# dcdbsync instance for containerized openstack services
class dcdbsync::openstack_init (
$database_connection = '',
$database_idle_timeout = 3600,
$database_max_pool_size = 5,
$database_max_overflow = 10,
$package_ensure = 'present',
$use_stderr = false,
$log_file = 'dcdbsync_openstack.log',
$log_dir = '/var/log/dcdbsync',
$use_syslog = false,
$log_facility = 'LOG_USER',
$verbose = false,
$debug = false,
$region_name = 'RegionOne',
) {
include dcdbsync::params
file { $::dcdbsync::params::openstack_conf_file:
ensure => present,
mode => '0600',
}
dcdbsync_openstack_config {
'DEFAULT/verbose': value => $verbose;
'DEFAULT/debug': value => $debug;
}
# Automatically add psycopg2 driver to postgresql (only does this if it is missing)
$real_connection = regsubst($database_connection,'^mysql:','mysql+pymysql:')
dcdbsync_openstack_config {
'database/connection': value => $real_connection, secret => true;
'database/idle_timeout': value => $database_idle_timeout;
'database/max_pool_size': value => $database_max_pool_size;
'database/max_overflow': value => $database_max_overflow;
}
if $use_syslog {
dcdbsync_openstack_config {
'DEFAULT/use_syslog': value => true;
'DEFAULT/syslog_log_facility': value => $log_facility;
}
} else {
dcdbsync_openstack_config {
'DEFAULT/use_syslog': value => false;
'DEFAULT/use_stderr': value => false;
'DEFAULT/log_file' : value => $log_file;
'DEFAULT/log_dir' : value => $log_dir;
}
}
dcdbsync_openstack_config {
'keystone_authtoken/region_name': value => $region_name;
}
}
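Review bot: The `file` resource sets `mode => '0600'` on the file that receives `database/connection` (and, from the API class, the keystone password), but nothing orders it before the `dcdbsync_openstack_config` resources and no `owner` or `group` is pinned. Unless the type autorequires the file, the ini_setting provider may create it first, presumably with the process umask, leaving the secrets more widely readable until the `file` resource is applied. Adding `File[$::dcdbsync::params::openstack_conf_file] -> Dcdbsync_openstack_config<||>` plus explicit `owner` and `group` for the account the service runs as would close that window. The comment above `regsubst` mentions psycopg2 and postgresql while the code rewrites `mysql:` to `mysql+pymysql:`. `$use_stderr` and `$package_ensure` are accepted but never read, since `DEFAULT/use_stderr` is hard-coded to `false`.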


@ -11,17 +11,20 @@ class dcdbsync::params {
$conf_dir = '/etc/dcdbsync'
$conf_file = '/etc/dcdbsync/dcdbsync.conf'
$openstack_conf_file = '/etc/dcdbsync/dcdbsync_openstack.conf'
if $::osfamily == 'Debian' {
$package_name = 'distributedcloud-dcdbsync'
$api_package = 'distributedcloud-dcdbsync'
$api_service = 'dcdbsync-api'
$api_openstack_service = 'dcdbsync-openstack-api'
} elsif($::osfamily == 'RedHat') {
$package_name = 'distributedcloud-dcdbsync'
$api_package = false
$api_service = 'dcdbsync-api'
$api_openstack_service = 'dcdbsync-openstack-api'
} else {
fail("Unsupported osfamily ${::osfamily}")


@ -211,10 +211,14 @@ dcmanager::use_syslog: true
dcmanager::log_facility: 'local2'
dcmanager::debug: false
# Dcdbsync
dbsync::use_syslog: true
dbsync::log_facility: 'local2'
dbsync::debug: false
# Dcdbsync instance for platform services
dcdbsync::use_syslog: true
dcdbsync::log_facility: 'local2'
dcdbsync::debug: false
# Dcdbsync instance for containerized openstack services
dcdbsync::openstack_init::use_syslog: true
dcdbsync::openstack_init::log_facility: 'local3'
dcdbsync::openstack_init::debug: false
# FM
fm::use_syslog: true


@ -1,5 +1,6 @@
class platform::dcdbsync::params (
$api_port = 8219,
$api_openstack_port = 8220,
$region_name = undef,
$service_create = false,
$service_enabled = false,
@ -42,3 +43,30 @@ class platform::dcdbsync::api
}
}
class platform::dcdbsync::stx_openstack::runtime
inherits ::platform::dcdbsync::params {
if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
$::platform::params::distributed_cloud_role == 'subcloud') {
if $service_create and
$::platform::params::stx_openstack_applied {
include ::platform::network::mgmt::params
$api_host = $::platform::network::mgmt::params::controller_address
$api_fqdn = $::platform::params::controller_hostname
$url_host = "http://${api_fqdn}:${api_openstack_port}"
class { '::dcdbsync::openstack_init': }
class { '::dcdbsync::openstack_api':
keystone_tenant => 'service',
keystone_user_domain => 'service',
keystone_project_domain => 'service',
bind_host => $api_host,
bind_port => $api_openstack_port,
enabled => $service_enabled,
}
} else {
class { '::dcdbsync::openstack_cleanup': }
}
}
}
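Review bot: `$api_fqdn` and `$url_host` in `platform::dcdbsync::stx_openstack::runtime` are assigned but never read in this class, and `$url_host` hard-codes `http://`. Both lines can be dropped, or should carry a comment naming their consumer. The `::dcdbsync::openstack_api` declaration passes no `keystone_password`, so the value presumably arrives through automatic parameter lookup. A comment such as `# keystone_password is supplied via hiera, populated from the helm overrides` above the declaration would make that dependency visible to the next reader.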


@ -424,6 +424,9 @@ class platform::sm
-> exec { 'Configure OpenStack - DCDBsync-API':
command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
}
-> exec { 'Configure OpenStack - DCDBsync-openstack-API':
command => "sm-configure service_instance dcdbsync-openstack-api dcdbsync-openstack-api \"config=/etc/dcdbsync/dcdbsync_openstack.conf\"",
}
# Deprovision Horizon when running as a subcloud
exec { 'Deprovision OpenStack - Horizon (service-group-member)':
command => 'sm-deprovision service-group-member web-services horizon',
@ -891,6 +894,9 @@ class platform::sm
-> exec { 'Configure OpenStack - DCDBsync-API':
command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
}
-> exec { 'Configure OpenStack - DCDBsync-openstack-API':
command => "sm-configure service_instance dcdbsync-openstack-api dcdbsync-openstack-api \"config=/etc/dcdbsync/dcdbsync_openstack.conf\"",
}
}
# lint:endignore:140chars
@ -955,6 +961,13 @@ class platform::sm::stx_openstack::runtime {
exec { 'provision guest-agent service group member':
command => 'sm-provision service-group-member controller-services guest-agent --apply'
}
# Configure openstack dcdbsync for systemcontroller and subcloud
if ($::platform::params::distributed_cloud_role =='systemcontroller') or
($::platform::params::distributed_cloud_role =='subcloud') {
exec { 'provision distributed-cloud service group member':
command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-openstack-api --apply'
}
}
} else {
exec { 'deprovision service group member':
command => 'sm-deprovision service-group-member cloud-services dbmon --apply'
@ -962,6 +975,14 @@ class platform::sm::stx_openstack::runtime {
exec { 'deprovision guest-agent service group member':
command => 'sm-deprovision service-group-member controller-services guest-agent --apply'
}
exec { 'deprovision distributed-cloud service group member':
command => 'sm-deprovision service-group-member distributed-cloud-services dcdbsync-openstack-api --apply'
}
-> exec { 'stop distributed-cloud service group member':
environment => ['OCF_FUNCTIONS_DIR=/usr/lib/ocf/lib/heartbeat/',
'OCF_RESKEY_pid=/var/run/resource-agents/dcdbsync-openstack-api.pid'],
command => '/usr/lib/ocf/resource.d/openstack/dcdbsync-api stop',
}
}
}
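Review bot: The deprovision path in the last hunk is not symmetric with the provision path. `sm-provision ... dcdbsync-openstack-api` is guarded by the `distributed_cloud_role` check, but the `deprovision distributed-cloud service group member` and `stop distributed-cloud service group member` execs in the `else` branch run on every system when stx-openstack is removed. On a system that is neither systemcontroller nor subcloud they act on a service that was never provisioned, and a non-zero exit would fail the runtime manifest (inferred; the exit behaviour of `sm-deprovision` and the OCF script is not visible here). Wrapping both execs in the same `if ($::platform::params::distributed_cloud_role == 'systemcontroller') or ($::platform::params::distributed_cloud_role == 'subcloud') { ... }` keeps the two branches consistent. The stop exec also calls the `dcdbsync-api` agent with the `dcdbsync-openstack-api.pid` file, which deserves a comment confirming the shared agent is intended; the class body starts outside these hunks.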