173 lines
5.4 KiB
Puppet
173 lines
5.4 KiB
Puppet
class platform::sysinv::params (
|
|
$api_port = 6385,
|
|
$region_name = undef,
|
|
$service_create = false,
|
|
$fm_catalog_info = 'faultmanagement:fm:internalURL',
|
|
$server_timeout = '600s',
|
|
) { }
|
|
|
|
class platform::sysinv
|
|
inherits ::platform::sysinv::params {
|
|
|
|
Anchor['platform::services'] -> Class[$name]
|
|
|
|
include ::platform::params
|
|
include ::platform::amqp::params
|
|
include ::platform::drbd::platform::params
|
|
|
|
# sysinv-agent is started on all hosts
|
|
include ::sysinv::agent
|
|
|
|
$keystone_key_repo_path = "${::platform::drbd::platform::params::mountpoint}/keystone"
|
|
|
|
group { 'sysinv':
|
|
ensure => 'present',
|
|
gid => '168',
|
|
}
|
|
|
|
-> user { 'sysinv':
|
|
ensure => 'present',
|
|
comment => 'sysinv Daemons',
|
|
gid => '168',
|
|
groups => ['nobody', 'sysinv', 'sys_protected'],
|
|
home => '/var/lib/sysinv',
|
|
password => '!!',
|
|
password_max_age => '-1',
|
|
password_min_age => '-1',
|
|
shell => '/sbin/nologin',
|
|
uid => '168',
|
|
}
|
|
|
|
-> file { '/etc/sysinv':
|
|
ensure => 'directory',
|
|
owner => 'sysinv',
|
|
group => 'sysinv',
|
|
mode => '0750',
|
|
}
|
|
|
|
-> class { '::sysinv':
|
|
rabbit_host => $::platform::amqp::params::host_url,
|
|
rabbit_port => $::platform::amqp::params::port,
|
|
rabbit_userid => $::platform::amqp::params::auth_user,
|
|
rabbit_password => $::platform::amqp::params::auth_password,
|
|
fm_catalog_info => $fm_catalog_info,
|
|
fernet_key_repository => "${keystone_key_repo_path}/fernet-keys",
|
|
}
|
|
|
|
# Note: The log format strings are prefixed with "sysinv" because it is
|
|
# interpreted as the program by syslog-ng, which allows the sysinv logs to be
|
|
# filtered and directed to their own file.
|
|
|
|
# TODO(mpeters): update puppet-sysinv to permit configuration of log formats
|
|
# once the log configuration has been moved to oslo::log
|
|
sysinv_config {
|
|
'DEFAULT/logging_context_format_string': value =>
|
|
'sysinv %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s';
|
|
'DEFAULT/logging_default_format_string': value =>
|
|
'sysinv %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s';
|
|
}
|
|
}
|
|
|
|
|
|
class platform::sysinv::conductor {
|
|
|
|
Class['::platform::drbd::platform'] -> Class[$name]
|
|
|
|
include ::sysinv::conductor
|
|
}
|
|
|
|
|
|
class platform::sysinv::haproxy
|
|
inherits ::platform::sysinv::params {
|
|
include ::platform::params
|
|
include ::platform::haproxy::params
|
|
|
|
platform::haproxy::proxy { 'sysinv-restapi':
|
|
server_name => 's-sysinv',
|
|
public_port => $api_port,
|
|
private_port => $api_port,
|
|
server_timeout => $server_timeout,
|
|
}
|
|
|
|
# Configure rules for DC https enabled admin endpoint.
|
|
if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
|
|
$::platform::params::distributed_cloud_role == 'subcloud') {
|
|
platform::haproxy::proxy { 'sysinv-restapi-admin':
|
|
https_ep_type => 'admin',
|
|
server_name => 's-sysinv',
|
|
public_ip_address => $::platform::haproxy::params::private_ip_address,
|
|
public_port => $api_port + 1,
|
|
private_port => $api_port,
|
|
server_timeout => $server_timeout,
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
class platform::sysinv::api
|
|
inherits ::platform::sysinv::params {
|
|
|
|
include ::platform::params
|
|
include ::sysinv::api
|
|
|
|
if ($::platform::sysinv::params::service_create and
|
|
$::platform::params::init_keystone) {
|
|
include ::sysinv::keystone::auth
|
|
|
|
# Cleanup the endpoints created at bootstrap if they are not in
|
|
# the subcloud region.
|
|
if ($::platform::params::distributed_cloud_role == 'subcloud' and
|
|
$::platform::params::region_2_name != 'RegionOne') {
|
|
Keystone_endpoint["${platform::params::region_2_name}/sysinv::platform"] -> Keystone_endpoint['RegionOne/sysinv::platform']
|
|
keystone_endpoint { 'RegionOne/sysinv::platform':
|
|
ensure => 'absent',
|
|
name => 'sysinv',
|
|
type => 'platform',
|
|
region => 'RegionOne',
|
|
public_url => 'http://127.0.0.1:6385/v1',
|
|
admin_url => 'http://127.0.0.1:6385/v1',
|
|
internal_url => 'http://127.0.0.1:6385/v1'
|
|
}
|
|
}
|
|
}
|
|
|
|
# TODO(mpeters): move to sysinv puppet module parameters
|
|
sysinv_config {
|
|
'DEFAULT/sysinv_api_workers': value => $::platform::params::eng_workers_by_5;
|
|
}
|
|
|
|
include ::platform::sysinv::haproxy
|
|
}
|
|
|
|
|
|
class platform::sysinv::bootstrap (
|
|
$dc_sysinv_user_id = undef,
|
|
) {
|
|
include ::sysinv::db::postgresql
|
|
include ::sysinv::keystone::auth
|
|
|
|
if $dc_sysinv_user_id {
|
|
exec { 'update keystone sysinv assignment actor_id to match system controller':
|
|
command => "psql -d keystone -c \"update public.assignment set actor_id='${dc_sysinv_user_id}' from public.local_user where\
|
|
public.assignment.actor_id=public.local_user.user_id and public.local_user.name='sysinv'\"",
|
|
user => 'postgres',
|
|
require => Class['::sysinv::keystone::auth'],
|
|
}
|
|
-> exec { 'update keystone sysinv user id to match system controller':
|
|
command => "psql -d keystone -c \"update public.user set id='${dc_sysinv_user_id}' from public.local_user where\
|
|
public.user.id=public.local_user.user_id and public.local_user.name='sysinv'\"",
|
|
user => 'postgres',
|
|
}
|
|
}
|
|
|
|
include ::platform::sysinv
|
|
|
|
class { '::sysinv::api':
|
|
enabled => true
|
|
}
|
|
|
|
class { '::sysinv::conductor':
|
|
enabled => true
|
|
}
|
|
}
|