dcdbsync for containerized openstack services - puppet
This update contains changes to deploy and config the dcdbsync instance for containerized openstack services, including: - Added a set of puppet modules to generate configuration file for the openstack dcdbsync instance to run on platform. - Updated dcdbsync puppet with runtime classes to be called after stx-openstack application is succussfully applied to generate the configuration for openstack dcdbsync instance, and to remove the configuration file once stx-openstack is removed. The dcdbsync instance for openstack is also deprovisioned and stopped once stx-openstack is removed. - Update sm runtime puppet to provision/deprovision the openstack dcdbsync service. The overall procedure is, during stx-openstack app application, dcdbsync identities will be created in containerized keystone. After stx-openstack is successfully applied the dcdbsync runtime puppet is called to generate the configuration file for openstack dcdbsync instance with some information retrieved from helm (particularly keystone passwords). Finally sm runtime is called to bring up the dcdbsync service into running. When stx-openstack app is removed, openstack dcdbsync instance will be cleanup with configuration file removed and service deprovisioned and stopped. Change-Id: I6119a3c37b1c534c8f8059c0939609e4f4b031b7 Story: 2004766 Task: 36104 Signed-off-by: Andy Ning <andy.ning@windriver.com>
This commit is contained in:
parent
ecdc0fd5d9
commit
8b70875adf
@ -0,0 +1,37 @@
|
||||
#
|
||||
# Files in this package are licensed under Apache; see LICENSE file.
|
||||
#
|
||||
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# Jan 2019 Creation based off puppet-sysinv
|
||||
#
|
||||
|
||||
Puppet::Type.type(:dcdbsync_openstack_config).provide(
|
||||
:ini_setting,
|
||||
:parent => Puppet::Type.type(:ini_setting).provider(:ruby)
|
||||
) do
|
||||
|
||||
def section
|
||||
resource[:name].split('/', 2).first
|
||||
end
|
||||
|
||||
def setting
|
||||
resource[:name].split('/', 2).last
|
||||
end
|
||||
|
||||
def separator
|
||||
'='
|
||||
end
|
||||
|
||||
def self.file_path
|
||||
'/etc/dcdbsync/dcdbsync_openstack.conf'
|
||||
end
|
||||
|
||||
# added for backwards compatibility with older versions of inifile
|
||||
def file_path
|
||||
self.class.file_path
|
||||
end
|
||||
|
||||
end
|
@ -0,0 +1,52 @@
|
||||
#
|
||||
# Files in this package are licensed under Apache; see LICENSE file.
|
||||
#
|
||||
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# Jan 2019 Creation based off puppet-sysinv
|
||||
#
|
||||
|
||||
Puppet::Type.newtype(:dcdbsync_openstack_config) do
|
||||
|
||||
ensurable
|
||||
|
||||
newparam(:name, :namevar => true) do
|
||||
desc 'Section/setting name to manage from /etc/dcdbsync/dcdbsync_openstack.conf'
|
||||
newvalues(/\S+\/\S+/)
|
||||
end
|
||||
|
||||
newproperty(:value) do
|
||||
desc 'The value of the setting to be defined.'
|
||||
munge do |value|
|
||||
value = value.to_s.strip
|
||||
value.capitalize! if value =~ /^(true|false)$/i
|
||||
value
|
||||
end
|
||||
|
||||
def is_to_s( currentvalue )
|
||||
if resource.secret?
|
||||
return '[old secret redacted]'
|
||||
else
|
||||
return currentvalue
|
||||
end
|
||||
end
|
||||
|
||||
def should_to_s( newvalue )
|
||||
if resource.secret?
|
||||
return '[new secret redacted]'
|
||||
else
|
||||
return newvalue
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
newparam(:secret, :boolean => true) do
|
||||
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
|
||||
|
||||
newvalues(:true, :false)
|
||||
|
||||
defaultto false
|
||||
end
|
||||
end
|
176
modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_api.pp
Normal file
176
modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_api.pp
Normal file
@ -0,0 +1,176 @@
|
||||
#
|
||||
# Files in this package are licensed under Apache; see LICENSE file.
|
||||
#
|
||||
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
||||
# == Class: dcdbsync::api
|
||||
#
|
||||
# Setup and configure the dcdbsync API endpoint
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*keystone_password*]
|
||||
# The password to use for authentication (keystone)
|
||||
#
|
||||
# [*keystone_enabled*]
|
||||
# (optional) Use keystone for authentification
|
||||
# Defaults to true
|
||||
#
|
||||
# [*keystone_tenant*]
|
||||
# (optional) The tenant of the auth user
|
||||
# Defaults to services
|
||||
#
|
||||
# [*keystone_user*]
|
||||
# (optional) The name of the auth user
|
||||
# Defaults to dcdbsync
|
||||
#
|
||||
# [*keystone_auth_host*]
|
||||
# (optional) The keystone host
|
||||
# Defaults to localhost
|
||||
#
|
||||
# [*keystone_auth_port*]
|
||||
# (optional) The keystone auth port
|
||||
# Defaults to 5000
|
||||
#
|
||||
# [*keystone_auth_protocol*]
|
||||
# (optional) The protocol used to access the auth host
|
||||
# Defaults to http.
|
||||
#
|
||||
# [*keystone_auth_admin_prefix*]
|
||||
# (optional) The admin_prefix used to admin endpoint of the auth host
|
||||
# This allow admin auth URIs like http://auth_host:5000/keystone.
|
||||
# (where '/keystone' is the admin prefix)
|
||||
# Defaults to false for empty. If defined, should be a string with a
|
||||
# leading '/' and no trailing '/'.
|
||||
#
|
||||
# [*keystone_user_domain*]
|
||||
# (Optional) domain name for auth user.
|
||||
# Defaults to 'Default'.
|
||||
#
|
||||
# [*keystone_project_domain*]
|
||||
# (Optional) domain name for auth project.
|
||||
# Defaults to 'Default'.
|
||||
#
|
||||
# [*auth_type*]
|
||||
# (Optional) Authentication type to load.
|
||||
# Defaults to 'password'.
|
||||
#
|
||||
# [*bind_port*]
|
||||
# (optional) The dcorch dbsync api port
|
||||
# Defaults to 8220
|
||||
#
|
||||
# [*package_ensure*]
|
||||
# (optional) The state of the package
|
||||
# Defaults to present
|
||||
#
|
||||
# [*bind_host*]
|
||||
# (optional) The dcorch dbsync api bind address
|
||||
# Defaults to 0.0.0.0
|
||||
#
|
||||
# [*enabled*]
|
||||
# (optional) The state of the service
|
||||
# Defaults to true
|
||||
#
|
||||
|
||||
# dcdbsync instance for containerized openstack services
|
||||
class dcdbsync::openstack_api (
|
||||
$keystone_password = '',
|
||||
$keystone_enabled = true,
|
||||
$keystone_tenant = 'service',
|
||||
$keystone_user = 'dcdbsync',
|
||||
$keystone_auth_host = 'keystone.openstack.svc.cluster.local',
|
||||
$keystone_auth_port = '80',
|
||||
$keystone_auth_protocol = 'http',
|
||||
$keystone_auth_admin_prefix = false,
|
||||
$keystone_auth_uri = false,
|
||||
$keystone_auth_version = false,
|
||||
$keystone_identity_uri = false,
|
||||
$keystone_user_domain = 'Default',
|
||||
$keystone_project_domain = 'Default',
|
||||
$auth_type = 'password',
|
||||
$package_ensure = 'latest',
|
||||
$bind_host = '0.0.0.0',
|
||||
$bind_port = 8220,
|
||||
$enabled = false
|
||||
) {
|
||||
|
||||
include dcdbsync::params
|
||||
|
||||
Dcdbsync_openstack_config<||> ~> Service['dcdbsync-openstack-api']
|
||||
|
||||
dcdbsync_openstack_config {
|
||||
'DEFAULT/bind_host': value => $bind_host;
|
||||
'DEFAULT/bind_port': value => $bind_port;
|
||||
}
|
||||
|
||||
if $keystone_identity_uri {
|
||||
dcdbsync_openstack_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; }
|
||||
dcdbsync_openstack_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; }
|
||||
} else {
|
||||
dcdbsync_openstack_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:${keystone_auth_port}/v3"; }
|
||||
}
|
||||
|
||||
if $keystone_auth_uri {
|
||||
dcdbsync_openstack_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; }
|
||||
} else {
|
||||
dcdbsync_openstack_config {
|
||||
'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:${keystone_auth_port}/v3";
|
||||
}
|
||||
}
|
||||
|
||||
if $keystone_auth_version {
|
||||
dcdbsync_openstack_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; }
|
||||
} else {
|
||||
dcdbsync_openstack_config { 'keystone_authtoken/auth_version': ensure => absent; }
|
||||
}
|
||||
|
||||
if $keystone_enabled {
|
||||
dcdbsync_openstack_config {
|
||||
'DEFAULT/auth_strategy': value => 'keystone' ;
|
||||
}
|
||||
dcdbsync_openstack_config {
|
||||
'keystone_authtoken/auth_type': value => $auth_type;
|
||||
'keystone_authtoken/project_name': value => $keystone_tenant;
|
||||
'keystone_authtoken/username': value => $keystone_user;
|
||||
'keystone_authtoken/password': value => $keystone_password, secret=> true;
|
||||
'keystone_authtoken/user_domain_name': value => $keystone_user_domain;
|
||||
'keystone_authtoken/project_domain_name': value => $keystone_project_domain;
|
||||
}
|
||||
|
||||
if $keystone_auth_admin_prefix {
|
||||
validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$')
|
||||
dcdbsync_openstack_config {
|
||||
'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix;
|
||||
}
|
||||
} else {
|
||||
dcdbsync_openstack_config {
|
||||
'keystone_authtoken/auth_admin_prefix': ensure => absent;
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
dcdbsync_openstack_config {
|
||||
'DEFAULT/auth_strategy': value => 'noauth' ;
|
||||
}
|
||||
}
|
||||
|
||||
if $enabled {
|
||||
$ensure = 'running'
|
||||
} else {
|
||||
$ensure = 'stopped'
|
||||
}
|
||||
|
||||
service { 'dcdbsync-openstack-api':
|
||||
ensure => $ensure,
|
||||
name => $::dcdbsync::params::api_openstack_service,
|
||||
enable => $enabled,
|
||||
hasstatus => true,
|
||||
hasrestart => true,
|
||||
tag => 'dcdbsync-openstack-api',
|
||||
}
|
||||
Keystone_endpoint<||> -> Service['dcdbsync-openstack-api']
|
||||
}
|
@ -0,0 +1,23 @@
|
||||
#
|
||||
# Files in this package are licensed under Apache; see LICENSE file.
|
||||
#
|
||||
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# Jan 2019 Creation based off puppet-sysinv
|
||||
#
|
||||
|
||||
#
|
||||
# == Parameters
|
||||
#
|
||||
|
||||
# cleanup openstack dcdbsync instance
|
||||
class dcdbsync::openstack_cleanup {
|
||||
|
||||
include dcdbsync::params
|
||||
|
||||
file { $::dcdbsync::params::openstack_conf_file:
|
||||
ensure => absent,
|
||||
}
|
||||
}
|
@ -0,0 +1,78 @@
|
||||
#
|
||||
# Files in this package are licensed under Apache; see LICENSE file.
|
||||
#
|
||||
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# Jan 2019 Creation based off puppet-sysinv
|
||||
#
|
||||
|
||||
#
|
||||
# == Parameters
|
||||
#
|
||||
# [use_syslog]
|
||||
# Use syslog for logging.
|
||||
# (Optional) Defaults to false.
|
||||
#
|
||||
# [log_facility]
|
||||
# Syslog facility to receive log lines.
|
||||
# (Optional) Defaults to LOG_USER.
|
||||
|
||||
# dcdbsync instance for containerized openstack services
|
||||
class dcdbsync::openstack_init (
|
||||
$database_connection = '',
|
||||
$database_idle_timeout = 3600,
|
||||
$database_max_pool_size = 5,
|
||||
$database_max_overflow = 10,
|
||||
$package_ensure = 'present',
|
||||
$use_stderr = false,
|
||||
$log_file = 'dcdbsync_openstack.log',
|
||||
$log_dir = '/var/log/dcdbsync',
|
||||
$use_syslog = false,
|
||||
$log_facility = 'LOG_USER',
|
||||
$verbose = false,
|
||||
$debug = false,
|
||||
$region_name = 'RegionOne',
|
||||
) {
|
||||
|
||||
include dcdbsync::params
|
||||
|
||||
file { $::dcdbsync::params::openstack_conf_file:
|
||||
ensure => present,
|
||||
mode => '0600',
|
||||
}
|
||||
|
||||
dcdbsync_openstack_config {
|
||||
'DEFAULT/verbose': value => $verbose;
|
||||
'DEFAULT/debug': value => $debug;
|
||||
}
|
||||
|
||||
# Automatically add psycopg2 driver to postgresql (only does this if it is missing)
|
||||
$real_connection = regsubst($database_connection,'^mysql:','mysql+pymysql:')
|
||||
|
||||
dcdbsync_openstack_config {
|
||||
'database/connection': value => $real_connection, secret => true;
|
||||
'database/idle_timeout': value => $database_idle_timeout;
|
||||
'database/max_pool_size': value => $database_max_pool_size;
|
||||
'database/max_overflow': value => $database_max_overflow;
|
||||
}
|
||||
|
||||
if $use_syslog {
|
||||
dcdbsync_openstack_config {
|
||||
'DEFAULT/use_syslog': value => true;
|
||||
'DEFAULT/syslog_log_facility': value => $log_facility;
|
||||
}
|
||||
} else {
|
||||
dcdbsync_openstack_config {
|
||||
'DEFAULT/use_syslog': value => false;
|
||||
'DEFAULT/use_stderr': value => false;
|
||||
'DEFAULT/log_file' : value => $log_file;
|
||||
'DEFAULT/log_dir' : value => $log_dir;
|
||||
}
|
||||
}
|
||||
|
||||
dcdbsync_openstack_config {
|
||||
'keystone_authtoken/region_name': value => $region_name;
|
||||
}
|
||||
}
|
@ -11,17 +11,20 @@ class dcdbsync::params {
|
||||
|
||||
$conf_dir = '/etc/dcdbsync'
|
||||
$conf_file = '/etc/dcdbsync/dcdbsync.conf'
|
||||
$openstack_conf_file = '/etc/dcdbsync/dcdbsync_openstack.conf'
|
||||
|
||||
if $::osfamily == 'Debian' {
|
||||
$package_name = 'distributedcloud-dcdbsync'
|
||||
$api_package = 'distributedcloud-dcdbsync'
|
||||
$api_service = 'dcdbsync-api'
|
||||
$api_openstack_service = 'dcdbsync-openstack-api'
|
||||
|
||||
} elsif($::osfamily == 'RedHat') {
|
||||
|
||||
$package_name = 'distributedcloud-dcdbsync'
|
||||
$api_package = false
|
||||
$api_service = 'dcdbsync-api'
|
||||
$api_openstack_service = 'dcdbsync-openstack-api'
|
||||
|
||||
} else {
|
||||
fail("Unsupported osfamily ${::osfamily}")
|
||||
|
@ -211,10 +211,14 @@ dcmanager::use_syslog: true
|
||||
dcmanager::log_facility: 'local2'
|
||||
dcmanager::debug: false
|
||||
|
||||
# Dcdbsync
|
||||
dbsync::use_syslog: true
|
||||
dbsync::log_facility: 'local2'
|
||||
dbsync::debug: false
|
||||
# Dcdbsync instance for platform services
|
||||
dcdbsync::use_syslog: true
|
||||
dcdbsync::log_facility: 'local2'
|
||||
dcdbsync::debug: false
|
||||
# Dcdbsync instance for containerized openstack services
|
||||
dcdbsync::openstack_init::use_syslog: true
|
||||
dcdbsync::openstack_init::log_facility: 'local3'
|
||||
dcdbsync::openstack_init::debug: false
|
||||
|
||||
# FM
|
||||
fm::use_syslog: true
|
||||
|
@ -1,5 +1,6 @@
|
||||
class platform::dcdbsync::params (
|
||||
$api_port = 8219,
|
||||
$api_openstack_port = 8220,
|
||||
$region_name = undef,
|
||||
$service_create = false,
|
||||
$service_enabled = false,
|
||||
@ -42,3 +43,30 @@ class platform::dcdbsync::api
|
||||
}
|
||||
}
|
||||
|
||||
class platform::dcdbsync::stx_openstack::runtime
|
||||
inherits ::platform::dcdbsync::params {
|
||||
if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
|
||||
$::platform::params::distributed_cloud_role == 'subcloud') {
|
||||
if $service_create and
|
||||
$::platform::params::stx_openstack_applied {
|
||||
|
||||
include ::platform::network::mgmt::params
|
||||
|
||||
$api_host = $::platform::network::mgmt::params::controller_address
|
||||
$api_fqdn = $::platform::params::controller_hostname
|
||||
$url_host = "http://${api_fqdn}:${api_openstack_port}"
|
||||
|
||||
class { '::dcdbsync::openstack_init': }
|
||||
class { '::dcdbsync::openstack_api':
|
||||
keystone_tenant => 'service',
|
||||
keystone_user_domain => 'service',
|
||||
keystone_project_domain => 'service',
|
||||
bind_host => $api_host,
|
||||
bind_port => $api_openstack_port,
|
||||
enabled => $service_enabled,
|
||||
}
|
||||
} else {
|
||||
class { '::dcdbsync::openstack_cleanup': }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -424,6 +424,9 @@ class platform::sm
|
||||
-> exec { 'Configure OpenStack - DCDBsync-API':
|
||||
command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
|
||||
}
|
||||
-> exec { 'Configure OpenStack - DCDBsync-openstack-API':
|
||||
command => "sm-configure service_instance dcdbsync-openstack-api dcdbsync-openstack-api \"config=/etc/dcdbsync/dcdbsync_openstack.conf\"",
|
||||
}
|
||||
# Deprovision Horizon when running as a subcloud
|
||||
exec { 'Deprovision OpenStack - Horizon (service-group-member)':
|
||||
command => 'sm-deprovision service-group-member web-services horizon',
|
||||
@ -891,6 +894,9 @@ class platform::sm
|
||||
-> exec { 'Configure OpenStack - DCDBsync-API':
|
||||
command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
|
||||
}
|
||||
-> exec { 'Configure OpenStack - DCDBsync-openstack-API':
|
||||
command => "sm-configure service_instance dcdbsync-openstack-api dcdbsync-openstack-api \"config=/etc/dcdbsync/dcdbsync_openstack.conf\"",
|
||||
}
|
||||
}
|
||||
|
||||
# lint:endignore:140chars
|
||||
@ -955,6 +961,13 @@ class platform::sm::stx_openstack::runtime {
|
||||
exec { 'provision guest-agent service group member':
|
||||
command => 'sm-provision service-group-member controller-services guest-agent --apply'
|
||||
}
|
||||
# Configure openstack dcdbsync for systemcontroller and subcloud
|
||||
if ($::platform::params::distributed_cloud_role =='systemcontroller') or
|
||||
($::platform::params::distributed_cloud_role =='subcloud') {
|
||||
exec { 'provision distributed-cloud service group member':
|
||||
command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-openstack-api --apply'
|
||||
}
|
||||
}
|
||||
} else {
|
||||
exec { 'deprovision service group member':
|
||||
command => 'sm-deprovision service-group-member cloud-services dbmon --apply'
|
||||
@ -962,6 +975,14 @@ class platform::sm::stx_openstack::runtime {
|
||||
exec { 'deprovision guest-agent service group member':
|
||||
command => 'sm-deprovision service-group-member controller-services guest-agent --apply'
|
||||
}
|
||||
exec { 'deprovision distributed-cloud service group member':
|
||||
command => 'sm-deprovision service-group-member distributed-cloud-services dcdbsync-openstack-api --apply'
|
||||
}
|
||||
-> exec { 'stop distributed-cloud service group member':
|
||||
environment => ['OCF_FUNCTIONS_DIR=/usr/lib/ocf/lib/heartbeat/',
|
||||
'OCF_RESKEY_pid=/var/run/resource-agents/dcdbsync-openstack-api.pid'],
|
||||
command => '/usr/lib/ocf/resource.d/openstack/dcdbsync-api stop',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user