Browse Source

Trove Fuel Plugin update for OpenStack Fuel 8.0 release.

Implements: blueprint fuel-plugin-for-trove-liberty

Change-Id: Iddc7c6c867e10459d6aa9185528aedac29ae73b6
Shaik Apsar 2 years ago
parent
commit
1324103e27
99 changed files with 3583 additions and 1474 deletions
  1. 6
    0
      .gitignore
  2. 8
    0
      components.yaml
  3. 0
    50
      deployment_scripts/puppet/manifests/cluster.pp
  4. 0
    53
      deployment_scripts/puppet/manifests/db.pp
  5. 0
    48
      deployment_scripts/puppet/manifests/haproxy.pp
  6. 0
    44
      deployment_scripts/puppet/manifests/keystone.pp
  7. 0
    147
      deployment_scripts/puppet/manifests/rabbitmq.pp
  8. 0
    92
      deployment_scripts/puppet/manifests/trove.pp
  9. 71
    0
      deployment_scripts/puppet/modules/dbaas_trove/manifests/db.pp
  10. 107
    0
      deployment_scripts/puppet/modules/dbaas_trove/manifests/firewall.pp
  11. 103
    0
      deployment_scripts/puppet/modules/dbaas_trove/manifests/hiera_override.pp
  12. 74
    0
      deployment_scripts/puppet/modules/dbaas_trove/manifests/keystone.pp
  13. 103
    0
      deployment_scripts/puppet/modules/dbaas_trove/manifests/openstack_haproxy_trove.pp
  14. 103
    0
      deployment_scripts/puppet/modules/dbaas_trove/manifests/ssl_add_trust_chain.pp
  15. 126
    0
      deployment_scripts/puppet/modules/dbaas_trove/manifests/ssl_dns_setup.pp
  16. 98
    0
      deployment_scripts/puppet/modules/dbaas_trove/manifests/ssl_keys_saving.pp
  17. 177
    0
      deployment_scripts/puppet/modules/dbaas_trove/manifests/trove.pp
  18. 9
    0
      deployment_scripts/puppet/modules/dbaas_trove/modular/db.pp
  19. 1
    0
      deployment_scripts/puppet/modules/dbaas_trove/modular/firewall.pp
  20. 1
    0
      deployment_scripts/puppet/modules/dbaas_trove/modular/hiera_override.pp
  21. 1
    0
      deployment_scripts/puppet/modules/dbaas_trove/modular/keystone.pp
  22. 1
    0
      deployment_scripts/puppet/modules/dbaas_trove/modular/openstack-haproxy-trove.pp
  23. 1
    0
      deployment_scripts/puppet/modules/dbaas_trove/modular/ssl_add_trust_chain.pp
  24. 1
    0
      deployment_scripts/puppet/modules/dbaas_trove/modular/ssl_dns_setup.pp
  25. 1
    0
      deployment_scripts/puppet/modules/dbaas_trove/modular/ssl_keys_saving.pp
  26. 1
    0
      deployment_scripts/puppet/modules/dbaas_trove/modular/trove.pp
  27. 8
    5
      deployment_scripts/puppet/modules/trove/.gitignore
  28. 50
    0
      deployment_scripts/puppet/modules/trove/CHANGELOG.md
  29. 10
    23
      deployment_scripts/puppet/modules/trove/Gemfile
  30. 115
    1
      deployment_scripts/puppet/modules/trove/README.md
  31. 18
    6
      deployment_scripts/puppet/modules/trove/Rakefile
  32. 1
    18
      deployment_scripts/puppet/modules/trove/lib/puppet/provider/trove_api_paste_ini/ini_setting.rb
  33. 1
    18
      deployment_scripts/puppet/modules/trove/lib/puppet/provider/trove_conductor_config/ini_setting.rb
  34. 1
    18
      deployment_scripts/puppet/modules/trove/lib/puppet/provider/trove_config/ini_setting.rb
  35. 1
    18
      deployment_scripts/puppet/modules/trove/lib/puppet/provider/trove_guestagent_config/ini_setting.rb
  36. 1
    18
      deployment_scripts/puppet/modules/trove/lib/puppet/provider/trove_taskmanager_config/ini_setting.rb
  37. 9
    0
      deployment_scripts/puppet/modules/trove/lib/puppet/type/trove_api_paste_ini.rb
  38. 10
    0
      deployment_scripts/puppet/modules/trove/lib/puppet/type/trove_conductor_config.rb
  39. 10
    0
      deployment_scripts/puppet/modules/trove/lib/puppet/type/trove_config.rb
  40. 10
    0
      deployment_scripts/puppet/modules/trove/lib/puppet/type/trove_guestagent_config.rb
  41. 7
    0
      deployment_scripts/puppet/modules/trove/lib/puppet/type/trove_taskmanager_config.rb
  42. 82
    42
      deployment_scripts/puppet/modules/trove/manifests/api.pp
  43. 28
    22
      deployment_scripts/puppet/modules/trove/manifests/conductor.pp
  44. 103
    0
      deployment_scripts/puppet/modules/trove/manifests/db.pp
  45. 1
    1
      deployment_scripts/puppet/modules/trove/manifests/db/mysql.pp
  46. 0
    1
      deployment_scripts/puppet/modules/trove/manifests/db/sync.pp
  47. 3
    1
      deployment_scripts/puppet/modules/trove/manifests/generic_service.pp
  48. 104
    35
      deployment_scripts/puppet/modules/trove/manifests/guestagent.pp
  49. 94
    32
      deployment_scripts/puppet/modules/trove/manifests/init.pp
  50. 25
    20
      deployment_scripts/puppet/modules/trove/manifests/keystone/auth.pp
  51. 4
    0
      deployment_scripts/puppet/modules/trove/manifests/params.pp
  52. 43
    0
      deployment_scripts/puppet/modules/trove/manifests/quota.pp
  53. 0
    106
      deployment_scripts/puppet/modules/trove/manifests/rabbitmq.pp
  54. 92
    33
      deployment_scripts/puppet/modules/trove/manifests/taskmanager.pp
  55. 3
    3
      deployment_scripts/puppet/modules/trove/metadata.json
  56. 0
    0
      deployment_scripts/puppet/modules/trove/other-requirements.txt
  57. 17
    58
      deployment_scripts/puppet/modules/trove/spec/acceptance/basic_trove_spec.rb
  58. 11
    0
      deployment_scripts/puppet/modules/trove/spec/acceptance/nodesets/centos-70-x64.yml
  59. 4
    3
      deployment_scripts/puppet/modules/trove/spec/acceptance/nodesets/default.yml
  60. 1
    1
      deployment_scripts/puppet/modules/trove/spec/acceptance/nodesets/nodepool-centos7.yml
  61. 1
    1
      deployment_scripts/puppet/modules/trove/spec/acceptance/nodesets/nodepool-trusty.yml
  62. 11
    0
      deployment_scripts/puppet/modules/trove/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml
  63. 88
    5
      deployment_scripts/puppet/modules/trove/spec/classes/trove_api_spec.rb
  64. 55
    0
      deployment_scripts/puppet/modules/trove/spec/classes/trove_conductor_spec.rb
  65. 119
    0
      deployment_scripts/puppet/modules/trove/spec/classes/trove_db_spec.rb
  66. 68
    4
      deployment_scripts/puppet/modules/trove/spec/classes/trove_guestagent_spec.rb
  67. 9
    5
      deployment_scripts/puppet/modules/trove/spec/classes/trove_init_spec.rb
  68. 9
    11
      deployment_scripts/puppet/modules/trove/spec/classes/trove_keystone_auth_spec.rb
  69. 39
    0
      deployment_scripts/puppet/modules/trove/spec/classes/trove_quota_spec.rb
  70. 95
    3
      deployment_scripts/puppet/modules/trove/spec/classes/trove_taskmanager_spec.rb
  71. 8
    4
      deployment_scripts/puppet/modules/trove/spec/shared_examples.rb
  72. 2
    0
      deployment_scripts/puppet/modules/trove/spec/spec_helper.rb
  73. 1
    1
      deployment_scripts/puppet/modules/trove/spec/spec_helper_acceptance.rb
  74. 30
    0
      deployment_scripts/puppet/modules/trove/spec/unit/provider/trove_config/ini_setting_spec.rb
  75. 17
    0
      deployment_scripts/puppet/modules/trove/spec/unit/type/trove_conductor_config_spec.rb
  76. 17
    0
      deployment_scripts/puppet/modules/trove/spec/unit/type/trove_conductor_guestagent_spec.rb
  77. 10
    0
      deployment_scripts/puppet/modules/trove/spec/unit/type/trove_config_spec.rb
  78. 0
    182
      deployment_scripts/puppet/modules/trove/templates/rabbitmq-init-centos.erb
  79. 0
    231
      deployment_scripts/puppet/modules/trove/templates/rabbitmq-init-ubuntu.erb
  80. 0
    7
      deployment_scripts/puppet/modules/trove/templates/rabbitmq.config.erb
  81. 66
    22
      deployment_scripts/puppet/modules/trove/templates/trove-guestagent.conf.erb
  82. 222
    42
      deployment_tasks.yaml
  83. 177
    0
      docs/Makefile
  84. BIN
      docs/source/_static/enable_plugin.png
  85. BIN
      docs/source/_static/env_nodes.png
  86. BIN
      docs/source/_static/env_ready.png
  87. BIN
      docs/source/_static/nodes_tab.png
  88. 340
    0
      docs/source/conf.py
  89. 24
    0
      docs/source/index.rst
  90. 45
    0
      docs/source/installation_guide.rst
  91. 53
    0
      docs/source/overview.rst
  92. 63
    0
      docs/source/user_guide.rst
  93. 84
    11
      environment_config.yaml
  94. 12
    18
      metadata.yaml
  95. 4
    0
      network_roles.yaml
  96. 24
    7
      node_roles.yaml
  97. 3
    1
      pre_build_hook
  98. 26
    0
      tasks.yaml
  99. 1
    2
      volumes.yaml

+ 6
- 0
.gitignore View File

@@ -0,0 +1,6 @@
1
+.tox
2
+.build
3
+*.pyc
4
+docs/build
5
+fuel-plugin-dbaas-trove-*.rpm
6
+repositories/ubuntu/*.deb

+ 8
- 0
components.yaml View File

@@ -0,0 +1,8 @@
1
+- name: additional_service:fuel-plugin-dbaas-trove
2
+  compatible: []
3
+  requires: []
4
+  incompatible: []
5
+  label: "Install Trove"
6
+  description: |
7
+      Trove provides scalable and reliable cloud Database as a Service provisioning
8
+       functionality for both relational and non-relational database engines.

+ 0
- 50
deployment_scripts/puppet/manifests/cluster.pp View File

@@ -1,50 +0,0 @@
1
-notice('MODULAR: trove/cluster.pp')
2
-
3
-if !(hiera('role') in ['trove']) {
4
-    fail('The node role is not in trove roles')
5
-}
6
-
7
-$network_scheme = hiera_hash('network_scheme', {})
8
-$network_metadata = hiera_hash('network_metadata', {})
9
-
10
-prepare_network_config($network_scheme)
11
-
12
-$trove_node       = get_nodes_hash_by_roles($network_metadata, ['trove'])
13
-
14
-$corosync_nodes   = corosync_nodes($trove_node, 'trove/api')
15
-
16
-$network_ip       = get_network_role_property('trove/api', 'ipaddr')
17
-
18
-class { 'cluster':
19
-  internal_address => $network_ip,
20
-  corosync_nodes   => $corosync_nodes,
21
-}
22
-
23
-pcmk_nodes { 'pacemaker' :
24
-  nodes => $corosync_nodes,
25
-  add_pacemaker_nodes => false,
26
-}
27
-
28
-Service <| title == 'corosync' |> {
29
-  subscribe => File['/etc/corosync/service.d'],
30
-  require   => File['/etc/corosync/corosync.conf'],
31
-}
32
-
33
-Service['corosync'] -> Pcmk_nodes<||>
34
-Pcmk_nodes<||> -> Service<| provider == 'pacemaker' |>
35
-
36
-# Sometimes during first start pacemaker can not connect to corosync
37
-# via IPC due to pacemaker and corosync processes are run under different users
38
-if($::operatingsystem == 'Ubuntu') {
39
-  $pacemaker_run_uid = 'hacluster'
40
-  $pacemaker_run_gid = 'haclient'
41
-
42
-  file {'/etc/corosync/uidgid.d/pacemaker':
43
-    content =>"uidgid {
44
-   uid: ${pacemaker_run_uid}
45
-   gid: ${pacemaker_run_gid}
46
-}"
47
-  }
48
-
49
-  File['/etc/corosync/corosync.conf'] -> File['/etc/corosync/uidgid.d/pacemaker'] -> Service <| title == 'corosync' |>
50
-}

+ 0
- 53
deployment_scripts/puppet/manifests/db.pp View File

@@ -1,53 +0,0 @@
1
-notice('MODULAR: trove/db.pp')
2
-
3
-$node_name = hiera('node_name')
4
-$trove_hash    = hiera_hash('fuel-plugin-dbaas-trove', {})
5
-$trove_enabled = pick($trove_hash['metadata']['enabled'], false)
6
-$mysql_hash     = hiera_hash('mysql_hash', {})
7
-$management_vip = hiera('management_vip', undef)
8
-$database_vip   = hiera('database_vip')
9
-
10
-$mysql_root_user     = pick($mysql_hash['root_user'], 'root')
11
-$mysql_db_create     = pick($mysql_hash['db_create'], true)
12
-$mysql_root_password = $mysql_hash['root_password']
13
-
14
-$db_user     = pick($trove_hash['metadata']['db_user'], 'trove')
15
-$db_name     = pick($trove_hash['metadata']['db_name'], 'trove')
16
-$db_password = pick($trove_hash['metadata']['db_password'], $mysql_root_password)
17
-
18
-$db_host          = pick($trove_hash['metadata']['db_host'], $database_vip, 'localhost')
19
-$db_create        = pick($trove_hash['metadata']['db_create'], $mysql_db_create)
20
-$db_root_user     = pick($trove_hash['metadata']['root_user'], $mysql_root_user)
21
-$db_root_password = pick($trove_hash['metadata']['root_password'], $mysql_root_password)
22
-
23
-$allowed_hosts = [ $node_name, 'localhost', '127.0.0.1', '%' ]
24
-
25
-if $trove_enabled and $db_create {
26
-
27
-  class { 'galera::client':
28
-    custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
29
-  }
30
-
31
-  class { 'trove::db::mysql':
32
-    user          => $db_user,
33
-    password      => $db_password,
34
-    dbname        => $db_name,
35
-    allowed_hosts => $allowed_hosts,
36
-  }
37
-
38
-  class { 'osnailyfacter::mysql_access':
39
-    db_host     => $db_host,
40
-    db_user     => $db_root_user,
41
-    db_password => $db_root_password,
42
-  }
43
-
44
-  Class['galera::client'] ->
45
-    Class['osnailyfacter::mysql_access'] ->
46
-      Class['trove::db::mysql']
47
-
48
-}
49
-
50
-class mysql::config {}
51
-include mysql::config
52
-class mysql::server {}
53
-include mysql::server

+ 0
- 48
deployment_scripts/puppet/manifests/haproxy.pp View File

@@ -1,48 +0,0 @@
1
-notice('MODULAR: trove/haproxy.pp')
2
-
3
-$network_metadata = hiera_hash('network_metadata')
4
-$trove_hash    = hiera_hash('fuel-plugin-dbaas-trove', {})
5
-# enabled by default
6
-$use_trove = pick($trove_hash['metadata']['enabled'], true)
7
-$public_ssl_hash = hiera('public_ssl')
8
-
9
-$troves_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['trove']), 'trove/api')
10
-
11
-if ($use_trove) {
12
-  $server_names        = hiera_array('trove_names', keys($troves_address_map))
13
-  $ipaddresses         = hiera_array('trove_ipaddresses', values($troves_address_map))
14
-  $public_virtual_ip   = hiera('public_vip')
15
-  $internal_virtual_ip = hiera('management_vip')
16
-
17
-  # configure trove ha proxy
18
-  Openstack::Ha::Haproxy_service {
19
-    internal_virtual_ip => $internal_virtual_ip,
20
-    ipaddresses         => $ipaddresses,
21
-    public_virtual_ip   => $public_virtual_ip,
22
-    server_names        => $server_names,
23
-    public_ssl          => $public_ssl_hash['services'],
24
-  }
25
-
26
-  openstack::ha::haproxy_service { 'trove-api':
27
-    order               => '210',
28
-    listen_port         => 8779,
29
-    internal            => true,
30
-    public              => true,
31
-  }
32
-
33
-  openstack::ha::haproxy_service { 'trove-rabbitmq':
34
-    order               => '211',
35
-    listen_port         => 55671,
36
-    define_backups      => true,
37
-    internal            => true,
38
-    public              => true,
39
-    haproxy_config_options => {
40
-      'option'          => ['tcpka'],
41
-      'timeout client'  => '48h',
42
-      'timeout server'  => '48h',
43
-      'balance'         => 'roundrobin',
44
-      'mode'            => 'tcp'
45
-    },
46
-    balancermember_options => 'check inter 5000 rise 2 fall 3',
47
-  }
48
-}

+ 0
- 44
deployment_scripts/puppet/manifests/keystone.pp View File

@@ -1,44 +0,0 @@
1
-notice('MODULAR: trove/keystone.pp')
2
-
3
-$trove_hash         = hiera_hash('fuel-plugin-dbaas-trove', {})
4
-$public_ssl_hash     = hiera('public_ssl')
5
-$public_vip          = hiera('public_vip')
6
-$public_address      = $public_ssl_hash['services'] ? {
7
-  true    => $public_ssl_hash['hostname'],
8
-  default => $public_vip,
9
-}
10
-$public_protocol     = $public_ssl_hash['services'] ? {
11
-  true    => 'https',
12
-  default => 'http',
13
-}
14
-$admin_protocol      = 'http'
15
-$admin_address       = hiera('management_vip')
16
-$region              = pick($trove_hash['metadata']['region'], hiera('region', 'RegionOne'))
17
-
18
-$password            = pick($trove_hash['metadata']['user_password'], 'password')
19
-$auth_name           = pick($trove_hash['metadata']['auth_name'], 'trove')
20
-$configure_endpoint  = pick($trove_hash['metadata']['configure_endpoint'], true)
21
-$configure_user      = pick($trove_hash['metadata']['configure_user'], true)
22
-$configure_user_role = pick($trove_hash['metadata']['configure_user_role'], true)
23
-$service_name        = pick($trove_hash['metadata']['service_name'], 'trove')
24
-$tenant              = pick($trove_hash['metadata']['tenant'], 'services')
25
-
26
-$port = '8779'
27
-
28
-$public_url      = "${public_protocol}://${public_address}:${port}/v1.0/%(tenant_id)s"
29
-$admin_url       = "${admin_protocol}://${admin_address}:${port}/v1.0/%(tenant_id)s"
30
-
31
-validate_string($public_address)
32
-validate_string($password)
33
-
34
-class { 'trove::keystone::auth':
35
-  password            => $password,
36
-  auth_name           => $auth_name,
37
-  configure_endpoint  => $configure_endpoint,
38
-  service_name        => $service_name,
39
-  public_url          => $public_url,
40
-  internal_url        => $admin_url,
41
-  admin_url           => $admin_url,
42
-  region              => $region,
43
-  tenant              => $tenant,
44
-}

+ 0
- 147
deployment_scripts/puppet/manifests/rabbitmq.pp View File

@@ -1,147 +0,0 @@
1
-notice('MODULAR: trove/rabbitmq.pp')
2
-
3
-$network_scheme = hiera_hash('network_scheme', {})
4
-prepare_network_config($network_scheme)
5
-
6
-$queue_provider = hiera('queue_provider', 'rabbitmq')
7
-
8
-if $queue_provider == 'rabbitmq' {
9
-  $trove_hash      = hiera_hash('fuel-plugin-dbaas-trove', {})
10
-  $erlang_cookie   = hiera('erlang_cookie', 'EOKOWXQREETZSHFNTPEY')
11
-  $version         = hiera('rabbit_version', '3.3.5')
12
-  $debug           = hiera('debug', false)
13
-  $deployment_mode = hiera('deployment_mode', 'ha_compact')
14
-  $amqp_port       = pick($trove_hash['rabbit_port'], '55671')
15
-  $rabbit_hash     = hiera_hash('rabbit_hash', {})
16
-  $enabled         = pick($rabbit_hash['enabled'], true)
17
-  $use_pacemaker   = pick($rabbit_hash['pacemaker'], true)
18
-
19
-  case $::osfamily {
20
-    'RedHat': {
21
-      $command_timeout  = "'-s KILL'"
22
-      $package_provider = 'yum'
23
-    }
24
-    'Debian': {
25
-      $command_timeout  = "'--signal=KILL'"
26
-      $package_provider = 'apt'
27
-    }
28
-    default: {
29
-      fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem},\
30
-  module ${module_name} only support osfamily RedHat and Debian")
31
-    }
32
-  }
33
-
34
-  if ($debug) {
35
-    # FIXME(aschultz): debug wasn't introduced until v3.5.0, when we upgrade
36
-    # we should change info to debug. Also don't forget to fix tests!
37
-    $rabbit_levels = '[{connection,info}]'
38
-  } else {
39
-    $rabbit_levels = '[{connection,info}]'
40
-  }
41
-
42
-  $cluster_partition_handling   = hiera('rabbit_cluster_partition_handling', 'autoheal')
43
-  $mnesia_table_loading_timeout = hiera('mnesia_table_loading_timeout', '10000')
44
-  $rabbitmq_bind_ip_address     = pick(get_network_role_property('trove/api', 'ipaddr'), 'UNSET')
45
-
46
-  # NOTE(bogdando) not a hash. Keep an indentation as is
47
-  $rabbit_tcp_listen_options    = hiera('rabbit_tcp_listen_options',
48
-    '[
49
-      binary,
50
-      {packet, raw},
51
-      {reuseaddr, true},
52
-      {backlog, 128},
53
-      {nodelay, true},
54
-      {exit_on_close, false},
55
-      {keepalive, true}
56
-    ]'
57
-  )
58
-  $config_kernel_variables = hiera('rabbit_config_kernel_variables',
59
-    {
60
-      'inet_dist_listen_min'         => '41055',
61
-      'inet_dist_listen_max'         => '41055',
62
-      'inet_default_connect_options' => '[{nodelay,true}]',
63
-      'net_ticktime'                 => '10',
64
-    }
65
-  )
66
-  $config_variables = hiera('rabbit_config_variables',
67
-    {
68
-      'log_levels'                 => $rabbit_levels,
69
-      'default_vhost'              => "<<\"/\">>",
70
-      'default_permissions'        => '[<<".*">>, <<".*">>, <<".*">>]',
71
-      'tcp_listen_options'         => $rabbit_tcp_listen_options,
72
-      'cluster_partition_handling' => $cluster_partition_handling,
73
-      'mnesia_table_loading_timeout' => $mnesia_table_loading_timeout,
74
-    }
75
-  )
76
-
77
-  $thread_pool_calc = min(100,max(12*$physicalprocessorcount,30))
78
-
79
-  if $deployment_mode == 'ha_compact' {
80
-    $rabbit_pid_file                   = '/var/run/rabbitmq/p_pid'
81
-    } else {
82
-    $rabbit_pid_file                   = '/var/run/rabbitmq/pid'
83
-  }
84
-  $environment_variables = hiera('rabbit_environment_variables',
85
-    {
86
-      'SERVER_ERL_ARGS'     => "\"+K true +A${thread_pool_calc} +P 1048576\"",
87
-      'PID_FILE'            => $rabbit_pid_file,
88
-    }
89
-  )
90
-
91
-  if ($enabled) {
92
-    class { '::rabbitmq':
93
-      admin_enable               => true,
94
-      repos_ensure               => false,
95
-      package_provider           => $package_provider,
96
-      package_source             => undef,
97
-      service_ensure             => 'running',
98
-      service_manage             => true,
99
-      port                       => $amqp_port,
100
-      delete_guest_user          => true,
101
-      default_user               => 'trove',
102
-      default_pass               => $trove_hash['metadata']['rabbit_password'],
103
-      # NOTE(bogdando) set to true and uncomment the lines below, if puppet should create a cluster
104
-      # We don't want it as far as OCF script creates the cluster
105
-      config_cluster             => false,
106
-      #erlang_cookie              => $erlang_cookie,
107
-      #wipe_db_on_cookie_change   => true,
108
-      #cluster_nodes              => $rabbitmq_cluster_nodes,
109
-      #cluster_node_type          => 'disc',
110
-      #cluster_partition_handling => $cluster_partition_handling,
111
-      version                    => $version,
112
-      node_ip_address            => $rabbitmq_bind_ip_address,
113
-      config_kernel_variables    => $config_kernel_variables,
114
-      config_variables           => $config_variables,
115
-      environment_variables      => $environment_variables,
116
-    }
117
-
118
-    if ($use_pacemaker) {
119
-      # Install rabbit-fence daemon
120
-      class { 'cluster::rabbitmq_fence':
121
-        enabled => $enabled,
122
-        require => Class['::rabbitmq']
123
-      }
124
-    }
125
-
126
-    class { 'trove::rabbitmq':
127
-      enabled        => $enabled,
128
-      # Do not install rabbitmq from trove classes
129
-      rabbitmq_class => false,
130
-      userid         => $trove_hash['metadata']['rabbit_user'],
131
-      password       => $trove_hash['metadata']['rabbit_password'],
132
-      require        => Class['::rabbitmq'],
133
-    }
134
-
135
-    if ($use_pacemaker) {
136
-      class { 'pacemaker_wrappers::rabbitmq':
137
-        command_timeout => $command_timeout,
138
-        debug           => $debug,
139
-        erlang_cookie   => $erlang_cookie,
140
-        admin_user      => $trove_hash['metadata']['rabbit_user'],
141
-        admin_pass      => $trove_hash['metadata']['rabbit_password'],
142
-        before          => Class['trove::rabbitmq'],
143
-      }
144
-    }
145
-  }
146
-
147
-}

+ 0
- 92
deployment_scripts/puppet/manifests/trove.pp View File

@@ -1,92 +0,0 @@
1
-notice('MODULAR: trove/trove.pp')
2
-
3
-prepare_network_config(hiera('network_scheme', {}))
4
-
5
-$trove_hash                 = hiera_hash('fuel-plugin-dbaas-trove', {})
6
-$nova_hash                  = hiera_hash('nova_hash', {})
7
-$neutron_config             = hiera_hash('neutron_config', {})
8
-$node_role                  = hiera('node_role')
9
-$public_ip                  = hiera('public_vip')
10
-$database_ip                = hiera('database_vip')
11
-$management_ip              = hiera('management_vip')
12
-$region                     = hiera('region', 'RegionOne')
13
-$service_endpoint           = hiera('service_endpoint')
14
-$debug                      = hiera('debug', false)
15
-$verbose                    = hiera('verbose', true)
16
-$use_syslog                 = hiera('use_syslog', true)
17
-$use_stderr                 = hiera('use_stderr', false)
18
-$rabbit_ha_queues           = hiera('rabbit_ha_queues')
19
-$amqp_port                  = hiera('amqp_port')
20
-$amqp_hosts                 = hiera('amqp_hosts')
21
-$public_ssl                 = hiera_hash('public_ssl', {})
22
-
23
-#################################################################
24
-
25
-if $trove_hash['metadata']['enabled'] {
26
-  $public_protocol = pick($public_ssl['services'], false) ? {
27
-    true    => 'https',
28
-    default => 'http',
29
-  }
30
-
31
-  $public_address = pick($public_ssl['services'], false) ? {
32
-    true    => pick($public_ssl['hostname']),
33
-    default => $public_ip,
34
-  }
35
-
36
-  $firewall_rule  = '210 trove-api'
37
-
38
-  $api_bind_port  = '8779'
39
-  $api_bind_host  = get_network_role_property('trove/api', 'ipaddr')
40
-
41
-  $trove_user    = pick($trove_hash['metadata']['user'], 'trove')
42
-  $tenant         = pick($trove_hash['metadata']['tenant'], 'services')
43
-  $internal_url   = "http://${api_bind_host}:${api_bind_port}"
44
-  $db_user        = pick($trove_hash['metadata']['db_user'], 'trove')
45
-  $db_name        = pick($trove_hash['metadata']['db_name'], 'trove')
46
-  $db_password    = pick($trove_hash['metadata']['db_password'], 's3cr3t')
47
-  $db_host        = pick($trove_hash['metadata']['db_host'], $database_ip)
48
-  $read_timeout   = '60'
49
-  $sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?read_timeout=${read_timeout}"
50
-
51
- 
52
-  class { '::trove::client': }
53
-
54
-  class { '::trove':
55
-    database_connection   => $sql_connection,
56
-    rabbit_host           => $management_ip,
57
-    rabbit_password       => $trove_hash['metadata']['rabbit_password'],
58
-    rabbit_port           => '55671',
59
-    rabbit_userid         => $trove_hash['metadata']['rabbit_user'],
60
-    rabbit_use_ssl        => false,
61
-    nova_proxy_admin_pass => $nova_hash['user_password'],
62
-    nova_proxy_admin_user => 'nova',
63
-    nova_proxy_admin_tenant_name => pick($nova_hash['tenant_name'], 'services'),
64
-  }
65
-
66
-  class { '::trove::api':
67
-    debug             => true,
68
-    verbose           => true,
69
-    bind_host         => $api_bind_host,
70
-    auth_url          => "http://${service_endpoint}:5000/v2.0/",
71
-    keystone_password => $trove_hash['metadata']['user_password'],
72
-  }
73
-
74
-  class { '::trove::conductor':
75
-    debug             => true,
76
-    verbose           => true,
77
-    auth_url          => "http://${service_endpoint}:5000/v2.0/",
78
-  }
79
-
80
-  class { '::trove::taskmanager':
81
-    debug             => true,
82
-    verbose           => true,
83
-    auth_url          => "http://${service_endpoint}:5000/v2.0/",
84
-  }
85
-
86
-  firewall { $firewall_rule :
87
-    dport  => $api_bind_port,
88
-    proto  => 'tcp',
89
-    action => 'accept',
90
-  }
91
-
92
-}

+ 71
- 0
deployment_scripts/puppet/modules/dbaas_trove/manifests/db.pp View File

@@ -0,0 +1,71 @@
1
+#
2
+# Copyright (C) 2016 AT&T Services, Inc.
3
+#
4
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+# not use this file except in compliance with the License. You may obtain
6
+# a copy of the License at
7
+#
8
+#      http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+# Unless required by applicable law or agreed to in writing, software
11
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+# License for the specific language governing permissions and limitations
14
+# under the License.
15
+#
16
+# dbaas_trove::db
17
+
18
+class dbaas_trove::db {
19
+
20
+  notice('MODULAR: dbaas_trove/db')
21
+
22
+  $trove            = hiera_hash('fuel-plugin-dbaas-trove', undef)
23
+  $trove_enabled    = pick($trove['metadata']['enabled'], false)
24
+
25
+  if ($trove_enabled) {
26
+
27
+    $mysql_hash       = hiera_hash('mysql', {})
28
+    $management_vip   = hiera('management_vip', undef)
29
+    $database_vip     = hiera('database_vip', undef)
30
+
31
+    $mysql_root_user     = pick($mysql_hash['root_user'], 'root')
32
+    $mysql_db_create     = pick($mysql_hash['db_create'], true)
33
+    $mysql_root_password = $mysql_hash['root_password']
34
+
35
+    $db_user     = pick($trove['db_user'], 'trove')
36
+    $db_name     = pick($trove['db_name'], 'trove')
37
+    $db_password = $trove['db_password']
38
+
39
+    $db_host          = pick($trove['metadata']['db_host'], $database_vip)
40
+    $db_create        = pick($trove['metadata']['db_create'], $mysql_db_create)
41
+    $db_root_user     = pick($trove['metadata']['root_user'], $mysql_root_user)
42
+    $db_root_password = pick($trove['metadata']['root_password'], $mysql_root_password)
43
+
44
+    $allowed_hosts = [ 'localhost', '127.0.0.1', '%' ]
45
+
46
+    if $db_create {
47
+
48
+      class { '::galera::client':
49
+        custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
50
+      }
51
+
52
+      class { '::trove::db::mysql':
53
+        user          => $db_user,
54
+        password      => $db_password,
55
+        dbname        => $db_name,
56
+        allowed_hosts => $allowed_hosts,
57
+      }
58
+
59
+      class { '::osnailyfacter::mysql_access':
60
+        db_host     => $db_host,
61
+        db_user     => $db_root_user,
62
+        db_password => $db_root_password,
63
+      }
64
+
65
+      Class['::galera::client'] ->
66
+        Class['::osnailyfacter::mysql_access'] ->
67
+          Class['::trove::db::mysql']
68
+      }
69
+  }
70
+}
71
+

+ 107
- 0
deployment_scripts/puppet/modules/dbaas_trove/manifests/firewall.pp View File

@@ -0,0 +1,107 @@
1
+#
2
+# Copyright (C) 2016 AT&T Services, Inc.
3
+#
4
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+# not use this file except in compliance with the License. You may obtain
6
+# a copy of the License at
7
+#
8
+#      http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+# Unless required by applicable law or agreed to in writing, software
11
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+# License for the specific language governing permissions and limitations
14
+# under the License.
15
+#
16
+# dbaas_trove::firewall
17
+
18
+class dbaas_trove::firewall {
19
+
20
+  notice('MODULAR: dbaas_trove/firewall.pp')
21
+
22
+  $trove          = hiera_hash('fuel-plugin-dbaas-trove', undef)
23
+  $trove_enabled  = pick($trove['metadata']['enabled'], false)
24
+
25
+  if ($trove_enabled) {
26
+
27
+    $network_scheme  = hiera_hash('network_scheme')
28
+    $trove_amqp_port = hiera('amqp_port')
29
+    $trove_api_port  = hiera('trove_api_port')
30
+
31
+    $corosync_input_port          = 5404
32
+    $corosync_output_port         = 5405
33
+    $erlang_epmd_port             = 4369
34
+    $erlang_inet_dist_port        = 41055
35
+    $erlang_rabbitmq_backend_port = $trove_amqp_port
36
+    $erlang_rabbitmq_port         = $trove_amqp_port
37
+    $pcsd_port                    = 2224
38
+
39
+    $trove_networks    = get_routable_networks_for_network_role($network_scheme, 'trove/api')
40
+    $corosync_networks = $trove_networks
41
+
42
+    openstack::firewall::multi_net {'210 trove-api':
43
+      port        => $trove_api_port,
44
+      proto       => 'tcp',
45
+      action      => 'accept',
46
+      source_nets => $trove_networks,
47
+    }
48
+
49
+
50
+    openstack::firewall::multi_net {'106 rabbitmq':
51
+      port        => [$erlang_epmd_port, $erlang_rabbitmq_port, $erlang_rabbitmq_backend_port, $erlang_inet_dist_port],
52
+      proto       => 'tcp',
53
+      action      => 'accept',
54
+      source_nets => $trove_networks,
55
+    }
56
+
57
+    # Workaround for fuel bug with firewall
58
+    firewall {'003 remote rabbitmq ':
59
+      sport  => [$erlang_epmd_port, $erlang_rabbitmq_port, $erlang_rabbitmq_backend_port, $erlang_inet_dist_port, 55672, 61613],
60
+      source => hiera('master_ip'),
61
+      proto  => 'tcp',
62
+      action => 'accept',
63
+    }
64
+
65
+    # allow local rabbitmq admin traffic for LP#1383258
66
+    firewall {'005 local rabbitmq admin':
67
+      sport   => [ 15672 ],
68
+      iniface => 'lo',
69
+      proto   => 'tcp',
70
+      action  => 'accept',
71
+    }
72
+
73
+    # reject all non-local rabbitmq admin traffic for LP#1450443
74
+    firewall {'006 reject non-local rabbitmq admin':
75
+      sport  => [ 15672 ],
76
+      proto  => 'tcp',
77
+      action => 'drop',
78
+    }
79
+
80
+    # allow connections from haproxy namespace
81
+    firewall {'030 allow connections from haproxy namespace':
82
+      source => '240.0.0.2',
83
+      action => 'accept',
84
+    }
85
+
86
+    openstack::firewall::multi_net {'113 corosync-input':
87
+      port        => $corosync_input_port,
88
+      proto       => 'udp',
89
+      action      => 'accept',
90
+      source_nets => $corosync_networks,
91
+    }
92
+
93
+    openstack::firewall::multi_net {'114 corosync-output':
94
+      port        => $corosync_output_port,
95
+      proto       => 'udp',
96
+      action      => 'accept',
97
+      source_nets => $corosync_networks,
98
+    }
99
+
100
+    openstack::firewall::multi_net {'115 pcsd-server':
101
+      port        => $pcsd_port,
102
+      proto       => 'tcp',
103
+      action      => 'accept',
104
+      source_nets => $corosync_networks,
105
+    }
106
+  }
107
+}

+ 103
- 0
deployment_scripts/puppet/modules/dbaas_trove/manifests/hiera_override.pp View File

@@ -0,0 +1,103 @@
1
+#
2
+# Copyright (C) 2016 AT&T Services, Inc.
3
+#
4
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+# not use this file except in compliance with the License. You may obtain
6
+# a copy of the License at
7
+#
8
+#      http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+# Unless required by applicable law or agreed to in writing, software
11
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+# License for the specific language governing permissions and limitations
14
+# under the License.
15
+#
16
+# dbaas_trove::hiera_override
17
+
18
+class dbaas_trove::hiera_override {
19
+
20
+  notice('MODULAR: dbaas_trove/hiera_override.pp')
21
+
22
+  $plugin_name      = 'fuel-plugin-dbaas-trove'
23
+  $trove            = hiera_hash($plugin_name, undef)
24
+  $trove_enabled    = pick($trove['metadata']['enabled'], false)
25
+  $hiera_dir        = '/etc/hiera/override'
26
+  if ($trove_enabled) {
27
+
28
+    $plugin_yaml       = "${plugin_name}.yaml"
29
+    $network_metadata  = hiera_hash('network_metadata')
30
+
31
+    if empty($network_metadata) {
32
+      fail('Network_metadata not given in the astute.yaml')
33
+    }
34
+
35
+    $trove_roles       = [ 'primary-trove', 'trove' ]
36
+    $trove_nodes       = get_nodes_hash_by_roles($network_metadata, $trove_roles)
37
+
38
+    $trove_address_map = get_node_to_ipaddr_map_by_network_role(
39
+      $trove_nodes,
40
+      'trove/api'
41
+    )
42
+
43
+    $trove_nodes_ips    = values($trove_address_map)
44
+    $trove_nodes_names  = keys($trove_address_map)
45
+
46
+    $corosync_roles = $trove_roles
47
+    $corosync_nodes = $trove_nodes
48
+
49
+    $amqp_port        = hiera('amqp_port', '5673')
50
+    $trove_amqp_port  = hiera($trove['rabbit_port'], '55671')
51
+    $rabbit_username  = $trove['rabbit_user']
52
+    $rabbit_password  = $trove['rabbit_password']
53
+    $trove_api_port   = hiera($trove['trove_api_port'], 8779)
54
+    $trove_amqp_hosts = inline_template("<%= @trove_nodes_ips.map {|x| x + ':' + @trove_amqp_port}.join ',' %>")
55
+  }
56
+  $calculated_content = inline_template('<%
57
+require "yaml"
58
+data = {
59
+  "trove_amqp_hosts" => @trove_amqp_hosts,
60
+  "amqp_port"        => @trove_amqp_port ,
61
+  "infra_amqp_port"  => @amqp_port,
62
+  "trove_api_port"   => @trove_api_port,
63
+  "rabbit_hash"      => {
64
+    "user"           => @rabbit_username ,
65
+    "password"       => @rabbit_password ,
66
+  } ,
67
+}
68
+#data["trove_nodes"]    = @trove_nodes if @trove_nodes
69
+data["corosync_nodes"] = @corosync_nodes if @corosync_nodes
70
+data["corosync_roles"] = @corosync_roles if @corosync_roles
71
+-%>
72
+
73
+<%= YAML.dump(data) %>')
74
+
75
+  file { $hiera_dir :
76
+    ensure => 'directory',
77
+    path   => $hiera_dir,
78
+  } ->
79
+  file { "${hiera_dir}/${plugin_yaml}" :
80
+    ensure  => 'present',
81
+    content => $calculated_content,
82
+  }
83
+  package {'ruby-deep-merge':
84
+      ensure  => 'installed',
85
+  }
86
+
87
+  # hiera file changes between 7.0 and 8.0 so we need to handle the override the
88
+  # different yaml formats via these exec hacks.  It should be noted that the
89
+  # fuel hiera task will wipe out these this update to the hiera.yaml
90
+  exec { "${plugin_name}_hiera_override_7.0":
91
+    command => "sed -i '/  - override\\/plugins/a\\  - override\\/${plugin_name}' /etc/hiera.yaml",
92
+    path    => '/bin:/usr/bin',
93
+    unless  => "grep -q '^  - override/${plugin_name}' /etc/hiera.yaml",
94
+    onlyif  => 'grep -q "^  - override/plugins" /etc/hiera.yaml'
95
+  }
96
+
97
+  exec { "${plugin_name}_hiera_override_8.0":
98
+    command => "sed -i '/    - override\\/plugins/a\\    - override\\/${plugin_name}' /etc/hiera.yaml",
99
+    path    => '/bin:/usr/bin',
100
+    unless  => "grep -q '^    - override/${plugin_name}' /etc/hiera.yaml",
101
+    onlyif  => 'grep -q "^    - override/plugins" /etc/hiera.yaml'
102
+  }
103
+}

+ 74
- 0
deployment_scripts/puppet/modules/dbaas_trove/manifests/keystone.pp View File

@@ -0,0 +1,74 @@
1
+#
2
+# Copyright (C) 2016 AT&T Services, Inc.
3
+#
4
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+# not use this file except in compliance with the License. You may obtain
6
+# a copy of the License at
7
+#
8
+#      http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+# Unless required by applicable law or agreed to in writing, software
11
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+# License for the specific language governing permissions and limitations
14
+# under the License.
15
+#
16
+# dbaas_trove::keystone
17
+class dbaas_trove::keystone {
18
+
19
+  notice('MODULAR: dbaas_trove/keystone')
20
+
21
+  $trove         = hiera_hash('fuel-plugin-dbaas-trove', undef)
22
+  $trove_enabled = pick($trove['metadata']['enabled'], false)
23
+
24
+  if ($trove_enabled) {
25
+
26
+    $management_vip     = hiera('management_vip')
27
+    $public_ssl_hash    = hiera_hash('public_ssl', {})
28
+    $ssl_hash           = hiera_hash('use_ssl', {})
29
+    $public_vip         = hiera('public_vip')
30
+
31
+    $public_protocol     = get_ssl_property($ssl_hash, $public_ssl_hash, 'trove', 'public', 'protocol', 'http')
32
+    $public_address      = get_ssl_property($ssl_hash, $public_ssl_hash, 'trove', 'public', 'hostname', [$public_vip])
33
+
34
+    $internal_protocol   = get_ssl_property($ssl_hash, {}, 'trove', 'internal', 'protocol', 'http')
35
+    $internal_address    = get_ssl_property($ssl_hash, {}, 'trove', 'internal', 'hostname', [$management_vip])
36
+
37
+    $admin_protocol      = get_ssl_property($ssl_hash, {}, 'trove', 'admin', 'protocol', 'http')
38
+    $admin_address       = get_ssl_property($ssl_hash, {}, 'trove', 'admin', 'hostname', [$management_vip])
39
+
40
+    $region              = pick($trove['region'], hiera('region', 'RegionOne'))
41
+    $password            = $trove['auth_password']
42
+    $auth_name           = pick($trove['auth_name'], 'trove')
43
+    $configure_endpoint  = pick($trove['configure_endpoint'], true)
44
+    $service_name        = pick($trove['service_name'], 'trove')
45
+    $tenant              = pick($trove['tenant'], 'services')
46
+
47
+    validate_string($public_address)
48
+    validate_string($password)
49
+
50
+    $bind_port = '8779'
51
+
52
+    $public_url          = "${public_protocol}://${public_address}:${bind_port}/v1.0/%(tenant_id)s"
53
+    $internal_url        = "${internal_protocol}://${internal_address}:${bind_port}/v1.0/%(tenant_id)s"
54
+    $admin_url           = "${admin_protocol}://${admin_address}:${bind_port}/v1.0/%(tenant_id)s"
55
+
56
+    Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::trove::keystone::auth']
57
+
58
+    class {'::osnailyfacter::wait_for_keystone_backends': }
59
+
60
+    class { '::trove::keystone::auth':
61
+      configure_endpoint => $configure_endpoint,
62
+      service_name       => $service_name,
63
+      region             => $region,
64
+      auth_name          => $auth_name,
65
+      password           => $password,
66
+      email              => "${auth_name}@localhost",
67
+      tenant             => $tenant,
68
+      public_url         => $public_url,
69
+      internal_url       => $internal_url,
70
+      admin_url          => $admin_url,
71
+    }
72
+  }
73
+}
74
+

+ 103
- 0
deployment_scripts/puppet/modules/dbaas_trove/manifests/openstack_haproxy_trove.pp View File

@@ -0,0 +1,103 @@
1
+#
2
+# Copyright (C) 2016 AT&T Services, Inc.
3
+#
4
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+# not use this file except in compliance with the License. You may obtain
6
+# a copy of the License at
7
+#
8
+#      http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+# Unless required by applicable law or agreed to in writing, software
11
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+# License for the specific language governing permissions and limitations
14
+# under the License.
15
+#
16
+# dbaas_trove::openstack_haproxy_trove
17
+
18
+class dbaas_trove::openstack_haproxy_trove {
19
+
20
+  notice('MODULAR: dbaas_trove/openstack_haproxy_trove.pp')
21
+
22
+  $trove              = hiera_hash('fuel-plugin-dbaas-trove', undef)
23
+  $trove_enabled      = pick($trove['metadata']['enabled'], false)
24
+
25
+  if ($trove_enabled) {
26
+
27
+    $network_metadata   = hiera_hash('network_metadata', {})
28
+
29
+    $public_ssl_hash    = hiera_hash('public_ssl', {})
30
+    $ssl_hash           = hiera_hash('use_ssl', {})
31
+
32
+    $public_ssl         = get_ssl_property($ssl_hash, $public_ssl_hash, 'trove', 'public', 'usage', false)
33
+    $public_ssl_path    = get_ssl_property($ssl_hash, $public_ssl_hash, 'trove', 'public', 'path', [''])
34
+
35
+    $internal_ssl       = get_ssl_property($ssl_hash, {}, 'trove', 'internal', 'usage', false)
36
+    $internal_ssl_path  = get_ssl_property($ssl_hash, {}, 'trove', 'internal', 'path', [''])
37
+
38
+    $external_lb        = hiera('external_lb', false)
39
+    $trove_nodes        = get_nodes_hash_by_roles($network_metadata, ['primary-trove', 'trove'])
40
+
41
+    $trove_amqp_use_ssl  = pick($trove['metadata']['rabbit_use_ssl'], true)
42
+    $trove_amqp_port     = hiera($trove['rabbit_port'], '55671')
43
+    $trove_api_port      = hiera($trove['metadata']['trove_api_port'], 8779)
44
+
45
+    if (!$external_lb) {
46
+
47
+      $trove_address_map   = get_node_to_ipaddr_map_by_network_role($trove_nodes, 'trove/api')
48
+      $server_names        = hiera_array('trove_names', keys($trove_address_map))
49
+      $ipaddresses         = hiera_array('trove_ipaddresses', values($trove_address_map))
50
+      $public_virtual_ip   = hiera('public_vip')
51
+      $internal_virtual_ip = hiera('management_vip')
52
+
53
+      # configure trove ha proxy
54
+      Openstack::Ha::Haproxy_service {
55
+        internal_virtual_ip => $internal_virtual_ip,
56
+        ipaddresses         => $ipaddresses,
57
+        public_virtual_ip   => $public_virtual_ip,
58
+        server_names        => $server_names,
59
+        public              => true,
60
+        internal_ssl        => $internal_ssl,
61
+        internal_ssl_path   => $internal_ssl_path,
62
+      }
63
+
64
+      openstack::ha::haproxy_service { 'trove-api':
65
+        order                  => '206',
66
+        listen_port            => $trove_api_port,
67
+        public_ssl             => $public_ssl,
68
+        public_ssl_path        => $public_ssl_path,
69
+        #require_service        => 'trove-api',
70
+        haproxy_config_options => {
71
+          option           => ['httpchk', 'httplog', 'httpclose'],
72
+          'timeout server' => '660s',
73
+          'http-request'   => 'set-header X-Forwarded-Proto https if { ssl_fc }',
74
+        },
75
+        balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
76
+      }
77
+
78
+      if($public_ssl and $trove_amqp_use_ssl) {
79
+        $rabbit_public_ssl = true
80
+      } else {
81
+        $rabbit_public_ssl = false
82
+      }
83
+
84
+      openstack::ha::haproxy_service { 'trove-rabbitmq':
85
+        order                  => '205',
86
+        listen_port            => $trove_amqp_port,
87
+        public_ssl             => $rabbit_public_ssl,
88
+        public_ssl_path        => $public_ssl_path,
89
+        internal               => false,
90
+        define_backups         => true,
91
+        haproxy_config_options => {
92
+          'option'         => ['tcpka'],
93
+          'timeout client' => '48h',
94
+          'timeout server' => '48h',
95
+          'balance'        => 'roundrobin',
96
+          'mode'           => 'tcp',
97
+        },
98
+        balancermember_options => 'check inter 5000 rise 2 fall 3',
99
+      }
100
+    }
101
+  }
102
+}
103
+

+ 103
- 0
deployment_scripts/puppet/modules/dbaas_trove/manifests/ssl_add_trust_chain.pp View File

@@ -0,0 +1,103 @@
1
+#
2
+# Copyright (C) 2016 AT&T Services, Inc.
3
+#
4
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+# not use this file except in compliance with the License. You may obtain
6
+# a copy of the License at
7
+#
8
+#      http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+# Unless required by applicable law or agreed to in writing, software
11
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+# License for the specific language governing permissions and limitations
14
+# under the License.
15
+#
16
+# dbaas_trove::ssl_add_trust_chain
17
+
18
+class dbaas_trove::ssl_add_trust_chain {
19
+
20
+  notice('MODULAR: dbaas_trove/ssl_add_trust_chain.pp')
21
+
22
+  $trove            = hiera_hash('fuel-plugin-dbaas-trove', undef)
23
+  $trove_enabled    = pick($trove['metadata']['enabled'], false)
24
+
25
+ Exec {
26
+    path => '/bin:/usr/bin:/sbin:/usr/sbin',
27
+  }
28
+
29
+  File {
30
+    ensure => file,
31
+  }
32
+
33
+  define file_link {
34
+    $service = $name
35
+    if !empty(file("/etc/pki/tls/certs/public_${service}.pem",'/dev/null')) {
36
+      file { "/usr/local/share/ca-certificates/${service}_public_haproxy.crt":
37
+        source => "/etc/pki/tls/certs/public_${service}.pem",
38
+      }
39
+    }
40
+
41
+    if !empty(file("/etc/pki/tls/certs/internal_${service}.pem",'/dev/null')) {
42
+      file { "/usr/local/share/ca-certificates/${service}_internal_haproxy.crt":
43
+        source => "/etc/pki/tls/certs/internal_${service}.pem",
44
+      }
45
+    }
46
+
47
+    if !empty(file("/etc/pki/tls/certs/admin_${service}.pem",'/dev/null')) {
48
+      file { "/usr/local/share/ca-certificates/${service}_admin_haproxy.crt":
49
+        source => "/etc/pki/tls/certs/admin_${service}.pem",
50
+      }
51
+    }
52
+  }
53
+
54
+  if !empty($ssl_hash and $trove_enabled) {
55
+    $custome_services = [ 'trove' ]
56
+
57
+    file_link { $custome_services: }
58
+
59
+  }  elsif !empty($custome_services and $trove_enabled) {
60
+    case $::osfamily {
61
+      'RedHat': {
62
+        file { '/etc/pki/ca-trust/source/anchors/public_haproxy.pem':
63
+          source => '/etc/pki/tls/certs/public_haproxy.pem',
64
+        }
65
+      }
66
+
67
+      'Debian': {
68
+        file { '/usr/local/share/ca-certificates/public_haproxy.crt':
69
+          source => '/etc/pki/tls/certs/public_haproxy.pem',
70
+        }
71
+      }
72
+
73
+      default: {
74
+        fail("Unsupported OS: ${::osfamily}/${::operatingsystem}")
75
+      }
76
+    }
77
+  }
78
+
79
+  case $::osfamily {
80
+    'RedHat': {
81
+      exec { 'enable_trust':
82
+        command     => 'update-ca-trust force-enable',
83
+        refreshonly => true,
84
+        notify      => Exec['add_trust']
85
+      }
86
+
87
+      File <||> ~> Exec['enable_trust']
88
+    }
89
+
90
+    'Debian': {
91
+      File <||> ~> Exec['add_trust']
92
+    }
93
+
94
+    default: {
95
+      fail("Unsupported OS: ${::osfamily}/${::operatingsystem}")
96
+    }
97
+  }
98
+
99
+  exec { 'add_trust':
100
+    command     => 'update-ca-certificates',
101
+    refreshonly => true,
102
+  }
103
+}

+ 126
- 0
deployment_scripts/puppet/modules/dbaas_trove/manifests/ssl_dns_setup.pp View File

@@ -0,0 +1,126 @@
1
+#
2
+# Copyright (C) 2016 AT&T Services, Inc.
3
+#
4
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+# not use this file except in compliance with the License. You may obtain
6
+# a copy of the License at
7
+#
8
+#      http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+# Unless required by applicable law or agreed to in writing, software
11
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+# License for the specific language governing permissions and limitations
14
+# under the License.
15
+#
16
+# dbaas_trove::ssl_dns_setup
17
+
18
+class dbaas_trove::ssl_dns_setup {
19
+
20
+  notice('MODULAR: dbaas_trove/ssl_dns_setup.pp')
21
+
22
+  $trove            = hiera_hash('fuel-plugin-dbaas-trove', undef)
23
+  $trove_enabled    = pick($trove['metadata']['enabled'], false)
24
+
25
+  $public_ssl_hash = hiera_hash('public_ssl')
26
+  $ssl_hash = hiera_hash('use_ssl', {})
27
+  $public_vip = hiera('public_vip')
28
+  $management_vip = hiera('management_vip')
29
+  $openstack_service_endpoints = hiera_hash('openstack_service_endpoints', {})
30
+
31
+  $custom_services = [ 'trove']
32
+
33
+  define hosts (
34
+    $ssl_hash,
35
+    ){
36
+    $service = $name
37
+    $public_vip = hiera('public_vip')
38
+    $management_vip = hiera('management_vip')
39
+
40
+    $public_hostname = try_get_value($ssl_hash, "${service}_public_hostname", '')
41
+    $internal_hostname = try_get_value($ssl_hash, "${service}_internal_hostname", '')
42
+    $admin_hostname = try_get_value($ssl_hash, "${service}_admin_hostname", $internal_hostname)
43
+
44
+    $service_public_ip = try_get_value($ssl_hash, "${service}_public_ip", '')
45
+    if !empty($service_public_ip) {
46
+      $public_ip = $service_public_ip
47
+    } else {
48
+      $public_ip = $public_vip
49
+    }
50
+
51
+    $service_internal_ip = try_get_value($ssl_hash, "${service}_internal_ip", '')
52
+    if !empty($service_internal_ip) {
53
+      $internal_ip = $service_internal_ip
54
+    } else {
55
+      $internal_ip = $management_vip
56
+    }
57
+
58
+    $service_admin_ip = try_get_value($ssl_hash, "${service}_admin_ip", '')
59
+    if !empty($service_admin_ip) {
60
+      $admin_ip = $service_admin_ip
61
+    } else {
62
+      $admin_ip = $management_vip
63
+    }
64
+
65
+    # We always need to set public hostname resolution
66
+    if !empty($public_hostname) and !defined(Host[$public_hostname]) {
67
+      host { $public_hostname:
68
+        name   => $public_hostname,
69
+        ensure => present,
70
+        ip     => $public_ip,
71
+      }
72
+    }
73
+
74
+    if ($public_hostname == $internal_hostname) and ($public_hostname == $admin_hostname) {
75
+      notify{"All ${service} hostnames is equal, just public one inserted to DNS":}
76
+    }
77
+    elsif $public_hostanme == $internal_hostname {
78
+      if !empty($admin_hostname) and !defined(Host[$admin_hostname]) {
79
+        host { $admin_hostname:
80
+          name   => $admin_hostname,
81
+          ensure => present,
82
+          ip     => $admin_ip,
83
+        }
84
+      }
85
+    }
86
+    elsif ($public_hostname == $admin_hostname) or ($internal_hostname == $admin_hostname) {
87
+      if !empty($internal_hostname) and !defined(Host[$internal_hostname]) {
88
+        host { $internal_hostname:
89
+          name   => $internal_hostname,
90
+          ensure => present,
91
+          ip     => $internal_ip,
92
+        }
93
+      }
94
+    }
95
+    else {
96
+      if !empty($admin_hostname) and !defined(Host[$admin_hostname]) {
97
+        host { $admin_hostname:
98
+          name   => $admin_hostname,
99
+          ensure => present,
100
+          ip     => $admin_ip,
101
+        }
102
+      }
103
+      if !empty($internal_hostname) and !defined(Host[$internal_hostname]) {
104
+        host { $internal_hostname:
105
+          name   => $internal_hostname,
106
+          ensure => present,
107
+          ip     => $internal_ip,
108
+        }
109
+      }
110
+    }
111
+  }
112
+
113
+  if($trove_enabled) {
114
+    if !empty($ssl_hash) {
115
+      hosts { $custom_services:
116
+        ssl_hash => $ssl_hash,
117
+      }
118
+    } elsif !empty($public_ssl_hash) {
119
+      host { $public_ssl_hash['hostname']:
120
+        ensure => present,
121
+        ip     => $public_vip,
122
+      }
123
+    }
124
+  }
125
+
126
+}

+ 98
- 0
deployment_scripts/puppet/modules/dbaas_trove/manifests/ssl_keys_saving.pp View File

@@ -0,0 +1,98 @@
1
+#
2
+# Copyright (C) 2016 AT&T Services, Inc.
3
+#
4
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+# not use this file except in compliance with the License. You may obtain
6
+# a copy of the License at
7
+#
8
+#      http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+# Unless required by applicable law or agreed to in writing, software
11
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+# License for the specific language governing permissions and limitations
14
+# under the License.
15
+#
16
+# dbaas_trove::ssl_keys_saving
17
+
18
+class dbaas_trove::ssl_keys_saving {
19
+
20
+  notice('MODULAR: dbaas_trove/ssl_keys_saving.pp')
21
+
22
+  $trove            = hiera_hash('fuel-plugin-dbaas-trove', undef)
23
+  $trove_enabled    = pick($trove['metadata']['enabled'], false)
24
+
25
+  $public_ssl_hash = hiera_hash('public_ssl')
26
+  $ssl_hash = hiera_hash('use_ssl', {})
27
+  $pub_certificate_content = try_get_value($public_ssl_hash, 'cert_data/content', '')
28
+  $base_path = '/etc/pki/tls/certs'
29
+  $pki_path = [ '/etc/pki', '/etc/pki/tls' ]
30
+  $astute_base_path = '/var/lib/astute/haproxy'
31
+
32
+  File {
33
+    owner => 'root',
34
+    group => 'root',
35
+    mode  => '0644',
36
+  }
37
+
38
+  file { [ $pki_path, $base_path, $astute_base_path ]:
39
+    ensure => directory,
40
+  }
41
+
42
+  #TODO(sbog): convert it to '.each' syntax when moving to Puppet 4
43
+  #TODO(anoskov): move it outside class 'osnailyfacter::ssl::ssl_keys_saving'
44
+  define cert_file (
45
+    $ssl_hash,
46
+    $base_path,
47
+    $astute_base_path,
48
+    ){
49
+    $service = $name
50
+
51
+    $public_service = try_get_value($ssl_hash, "${service}_public", false)
52
+    $public_usercert = try_get_value($ssl_hash, "${service}_public_usercert", false)
53
+    $public_certdata = try_get_value($ssl_hash, "${service}_public_certdata/content", '')
54
+    $internal_service = try_get_value($ssl_hash, "${service}_internal", false)
55
+    $internal_usercert = try_get_value($ssl_hash, "${service}_internal_usercert", false)
56
+    $internal_certdata = try_get_value($ssl_hash, "${service}_internal_certdata/content", '')
57
+    $admin_service = try_get_value($ssl_hash, "${service}_admin", false)
58
+    $admin_usercert = try_get_value($ssl_hash, "${service}_admin_usercert", false)
59
+    $admin_certdata = try_get_value($ssl_hash, "${service}_admin_certdata/content", '')
60
+
61
+    if $ssl_hash["${service}"] {
62
+      if $public_service and $public_usercert and !empty($public_certdata) {
63
+        file { ["${base_path}/public_${service}.pem", "${astute_base_path}/public_${service}.pem"]:
64
+          ensure  => present,
65
+          content => $public_certdata,
66
+        }
67
+      }
68
+      if $internal_service and $internal_usercert and !empty($internal_certdata) {
69
+        file { ["${base_path}/internal_${service}.pem", "${astute_base_path}/internal_${service}.pem"]:
70
+          ensure  => present,
71
+          content => $internal_certdata,
72
+        }
73
+      }
74
+      if $admin_service and $admin_usercert and !empty($admin_certdata) {
75
+        file { ["${base_path}/admin_${service}.pem", "${astute_base_path}/admin_${service}.pem"]:
76
+          ensure  => present,
77
+          content => $admin_certdata,
78
+        }
79
+      }
80
+    }
81
+  }
82
+
83
+  if !empty($ssl_hash and $trove_enabled) {
84
+    $custom_services = [ 'trove']
85
+
86
+    cert_file { $custom_services:
87
+      ssl_hash         => $ssl_hash,
88
+      base_path        => $base_path,
89
+      astute_base_path => $astute_base_path,
90
+    }
91
+  } elsif !empty($public_ssl_hash and $trove_enabled) {
92
+    file { ["${base_path}/public_haproxy.pem", "${astute_base_path}/public_haproxy.pem"]:
93
+      ensure  => present,
94
+      content => $pub_certificate_content,
95
+    }
96
+  }
97
+
98
+}

+ 177
- 0
deployment_scripts/puppet/modules/dbaas_trove/manifests/trove.pp View File

@@ -0,0 +1,177 @@
1
+#
2
+# Copyright (C) 2016 AT&T Services, Inc.
3
+#
4
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+# not use this file except in compliance with the License. You may obtain
6
+# a copy of the License at
7
+#
8
+#      http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+# Unless required by applicable law or agreed to in writing, software
11
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+# License for the specific language governing permissions and limitations
14
+# under the License.
15
+#
16
+# dbaas_trove::trove
17
+
18
+class dbaas_trove::trove {
19
+
20
+  notice('MODULAR: dbaas_trove/trove')
21
+
22
+  $trove          = hiera_hash('fuel-plugin-dbaas-trove', undef)
23
+  $trove_enabled  = pick($trove['metadata']['enabled'], false)
24
+
25
+  prepare_network_config(hiera('network_scheme', {}))
26
+
27
+  if ($trove_enabled) {
28
+
29
+    $nova_hash                  = hiera_hash('nova', {})
30
+    $neutron_config             = hiera_hash('neutron_config', {})
31
+    $public_vip                 = hiera('public_vip')
32
+    $database_vip               = hiera('database_vip')
33
+    $management_vip             = hiera('management_vip')
34
+    $region                     = hiera('region', 'RegionOne')
35
+    $service_endpoint           = hiera('service_endpoint')
36
+    $debug                      = hiera('debug', false)
37
+    $verbose                    = hiera('verbose', true)
38
+    $use_syslog                 = hiera('use_syslog', true)
39
+    $use_stderr                 = hiera('use_stderr', false)
40
+    $trove_amqp_port            = hiera('amqp_port')
41
+    $trove_amqp_hosts           = hiera('trove_amqp_hosts')
42
+    $public_ssl_hash            = hiera_hash('public_ssl', {})
43
+    $ssl_hash                   = hiera_hash('use_ssl', {})
44
+    $external_dns               = hiera_hash('external_dns', {})
45
+    $external_lb                = hiera('external_lb', false)
46
+    $api_bind_port              = hiera('trove_api_port')
47
+
48
+    $internal_auth_protocol     = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
49
+    $internal_auth_address      = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [hiera('keystone_endpoint', ''), $service_endpoint, $management_vip])
50
+    $auth_url                   = "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0/"
51
+
52
+    $admin_auth_protocol        = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
53
+    $admin_auth_address         = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [hiera('keystone_endpoint', ''), $service_endpoint, $management_vip])
54
+    $identity_uri               = "${admin_auth_protocol}://${admin_auth_address}:35357/"
55
+
56
+    $neutron_protocol           = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'protocol', 'http')
57
+    $neutron_address            = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'hostname', [$service_endpoint, $management_vip])
58
+    $neutron_url                = "${neutron_protocol}://${neutron_address}:9696/"
59
+
60
+    $cinder_protocol            = get_ssl_property($ssl_hash, {}, 'cinder', 'internal', 'protocol', 'http')
61
+    $cinder_address             = get_ssl_property($ssl_hash, {}, 'cinder', 'internal', 'hostname', [$service_endpoint, $management_vip])
62
+    $cinder_url                 = "${cinder_protocol}://${cinder_address}:8776/v1"
63
+
64
+    $swift_protocol             = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'protocol', 'http')
65
+    $swift_address              = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'hostname', [$service_endpoint, $management_vip])
66
+    $swift_url                  = "${swift_protocol}://${swift_address}:8080/v1/AUTH_"
67
+
68
+    $nova_protocol              = get_ssl_property($ssl_hash, {}, 'nova', 'internal', 'protocol', 'http')
69
+    $nova_address               = get_ssl_property($ssl_hash, {}, 'nova', 'internal', 'hostname', [$service_endpoint, $management_vip])
70
+    $nova_url                   = "${nova_protocol}://${nova_address}:8774/v2"
71
+
72
+    $trove_public_ssl           = get_ssl_property($ssl_hash, $public_ssl_hash, 'trove', 'public', 'usage', false)
73
+    $trove_public_protocol      = get_ssl_property($ssl_hash, $public_ssl_hash, 'trove', 'public', 'protocol', 'http')
74
+    $trove_public_address       = get_ssl_property($ssl_hash, $public_ssl_hash, 'trove', 'public', 'hostname', [$public_vip])
75
+
76
+    $api_bind_host    = get_network_role_property('trove/api', 'ipaddr')
77
+    $tenant           = pick($trove['tenant'], 'services')
78
+    $db_user          = pick($trove['db_user'], 'trove')
79
+    $db_name          = pick($trove['db_name'], 'trove')
80
+    $db_password      = $trove['db_password']
81
+    $read_timeout     = '60'
82
+    $sql_connection   = "mysql://${db_user}:${db_password}@${database_vip}/${db_name}?read_timeout=${read_timeout}"
83
+    $sql_idle_timeout = pick($idle_timeout, '3600')
84
+
85
+    $rabbit_password               = $trove['rabbit_password']
86
+    $rabbit_userid                 = $trove['rabbit_user']
87
+    $rabbit_use_ssl                = pick($trove['metadata']['rabbit_use_ssl'], true)
88
+    $amqp_durable_queues           = pick($trove['amqp_durable_queues'], true)
89
+    $rabbit_ha_queues              = pick($trove['rabbit_ha_queues'], true)
90
+    $public_rabbit_hosts           = "$public_vip:$trove_amqp_port"
91
+
92
+    if($trove_public_ssl and $rabbit_use_ssl) {
93
+      $guest_rabbit_use_ssl = true
94
+    } else {
95
+      $guest_rabbit_use_ssl = false
96
+    }
97
+
98
+    $nova_proxy_admin_pass        = $nova_hash['user_password']
99
+    $nova_proxy_admin_user        = $nova_hash['auth_name']
100
+    $nova_proxy_admin_tenant_name = pick($nova_hash['tenant_name'], 'services')
101
+
102
+    class { '::trove::client': }
103
+
104
+    class { '::trove':
105
+      database_connection          => $sql_connection,
106
+      database_idle_timeout        => $sql_idle_timeout,
107
+      rabbit_hosts                 => $trove_amqp_hosts,
108
+      rabbit_password              => $trove['rabbit_password'],
109
+      rabbit_userid                => $trove['rabbit_user'],
110
+      rabbit_ha_queues             => $rabbit_ha_queues,
111
+      amqp_durable_queues          => $amqp_durable_queues,
112
+      os_region_name               => $region,
113
+      nova_compute_url             => $nova_url,
114
+      cinder_url                   => $cinder_url,
115
+      swift_url                    => $swift_url,
116
+      neutron_url                  => $neutron_url,
117
+      nova_proxy_admin_pass        => $nova_hash['user_password'],
118
+      nova_proxy_admin_user        => $nova_hash['auth_name'],
119
+      nova_proxy_admin_tenant_name => pick($nova_hash['tenant_name'], 'services'),
120
+    }
121
+
122
+    class { '::trove::api':
123
+      debug             => $debug,
124
+      verbose           => $verbose,
125
+      bind_host         => $api_bind_host,
126
+      auth_url          => $auth_url,
127
+      auth_host         => $service_endpoint,
128
+      keystone_password => $trove['auth_password'],
129
+      keystone_user     => $trove['auth_name'],
130
+    }
131
+
132
+    class { '::trove::conductor':
133
+      debug    => $debug,
134
+      verbose  => $verbose,
135
+      auth_url => $auth_url,
136
+    }
137
+
138
+    class { '::trove::taskmanager':
139
+      debug                   => $debug,
140
+      verbose                 => $verbose,
141
+      auth_url                => $auth_url,
142
+      use_guestagent_template => false,
143
+    }
144
+
145
+    class { '::trove::guestagent':
146
+      enabled        => false,
147
+      manage_service => true,
148
+      debug          => $debug,
149
+      verbose        => $verbose,
150
+      rabbit_hosts   => $public_rabbit_hosts,
151
+      rabbit_host    => $public_vip,
152
+      rabbit_port    => $trove_amqp_port,
153
+      rabbit_use_ssl => $guest_rabbit_use_ssl,
154
+      auth_url       => false,
155
+      swift_url      => false,
156
+    }
157
+
158
+    class { '::trove::quota': }
159
+
160
+    class { '::trove::config':
161
+      trove_config            => {
162
+        'DEFAULT/taskmanager_manager'          => { value        => 'trove.taskmanager.manager.Manager' },
163
+        'DEFAULT/update_status_on_fail'        => { value        => 'True' },
164
+        'DEFAULT/guest_config'                 => { value        => '/etc/trove/trove-guestagent.conf' },
165
+        'DEFAULT/injected_config_location'     => { value        => '/etc/trove' },
166
+        'DEFAULT/guest_info'                   => { value        => '/etc/guest_info' },
167
+        'DEFAULT/volume_time_out'              => { value        => '240' },
168
+        'DEFAULT/agent_call_high_timeout'      => { value        => '240' },
169
+        'DEFAULT/agent_call_low_timeout'       => { value        => '20' },
170
+      },
171
+      trove_guestagent_config => {
172
+        'mysql/replication_strategy'  => { value        => 'MysqlGTIDReplication' },
173
+        'mysql/replication_namespace' => { value        => 'trove.guestagent.strategies.replication.mysql_gtid' },
174
+      },
175
+    }
176
+  }
177
+}

+ 9
- 0
deployment_scripts/puppet/modules/dbaas_trove/modular/db.pp View File

@@ -0,0 +1,9 @@
1
+include ::dbaas_trove::db
2
+
3
+# mysql::config
4
+class mysql::config {}
5
+include ::mysql::config
6
+
7
+# mysql::server
8
+class mysql::server {}
9
+include ::mysql::server

+ 1
- 0
deployment_scripts/puppet/modules/dbaas_trove/modular/firewall.pp View File

@@ -0,0 +1 @@
1
+include ::dbaas_trove::firewall

+ 1
- 0
deployment_scripts/puppet/modules/dbaas_trove/modular/hiera_override.pp View File

@@ -0,0 +1 @@
1
+include ::dbaas_trove::hiera_override

+ 1
- 0
deployment_scripts/puppet/modules/dbaas_trove/modular/keystone.pp View File

@@ -0,0 +1 @@
1
+include ::dbaas_trove::keystone

+ 1
- 0
deployment_scripts/puppet/modules/dbaas_trove/modular/openstack-haproxy-trove.pp View File

@@ -0,0 +1 @@
1
+include ::dbaas_trove::openstack_haproxy_trove

+ 1
- 0
deployment_scripts/puppet/modules/dbaas_trove/modular/ssl_add_trust_chain.pp View File

@@ -0,0 +1 @@
1
+include ::dbaas_trove::ssl_add_trust_chain

+ 1
- 0
deployment_scripts/puppet/modules/dbaas_trove/modular/ssl_dns_setup.pp View File

@@ -0,0 +1 @@
1
+include ::dbaas_trove::ssl_dns_setup

+ 1
- 0
deployment_scripts/puppet/modules/dbaas_trove/modular/ssl_keys_saving.pp View File

@@ -0,0 +1 @@
1
+include ::dbaas_trove::ssl_keys_saving

+ 1
- 0
deployment_scripts/puppet/modules/dbaas_trove/modular/trove.pp View File

@@ -0,0 +1 @@
1
+include ::dbaas_trove::trove

+ 8
- 5
deployment_scripts/puppet/modules/trove/.gitignore View File

@@ -1,8 +1,11 @@
1
-*.swp
2
-spec/fixtures/modules/*
3
-spec/fixtures/manifests/site.pp
1
+pkg/
4 2
 Gemfile.lock
5
-.vendor
6
-.bundle/
7 3
 vendor/
4
+spec/fixtures/
5
+.vagrant/
6
+.bundle/
7
+coverage/
8
+.idea/
9
+*.swp
10
+*.iml
8 11
 openstack/

+ 50
- 0
deployment_scripts/puppet/modules/trove/CHANGELOG.md View File

@@ -1,3 +1,53 @@
1
+##2016-05-20 - 7.1.0
2
+
3
+###Summary
4
+
5
+This is a feature and bugfix release in the Liberty series.
6
+
7
+####Features
8
+
9
+- Support of PyMySQL driver for MySQL backend
10
+
11
+####Bugfixes
12
+
13
+- Remove nova_* options from trove-guestagent.conf.erb
14
+- Use swift_url variable in the template instead of the hardcoded url
15
+
16
+####Maintenance
17
+
18
+- Add deprecation warning for Qpid rpc driver
19
+
20
+
21
+##2015-11-25 - 7.0.0
22
+###Summary
23
+
24
+This is a backwards-compatible major release for OpenStack Liberty.
25
+
26
+####Features
27
+- add tag to package and service resources
28
+- add trove::config class
29
+- reflect provider change in puppet-openstacklib
30
+- introduce trove::quota class
31
+- introduce use_guestagent_template option
32
+- make taskmanager_queue option configurable
33
+- add api ratelimit options
34
+- add region and resource url related options
35
+- add default_neutron_networks in trove::taskmanager
36
+- complete qpid support
37
+- keystone/auth: make service description configurable
38
+
39
+####Bugfixes
40
+- fix rabbit_userid parameter
41
+- fix default value of guestagent_config_file option
42
+
43
+####Maintenance
44
+- initial msync run for all Puppet OpenStack modules
45
+- try to use zuul-cloner to prepare fixtures
46
+- remove class_parameter_defaults puppet-lint check
47
+- acceptance: use common bits from puppet-openstack-integration
48
+- acceptance: enable debug & verbosity for OpenStack logs
49
+- fix rspec 3.x syntax
50
+
1 51
 ##2015-10-10 - 6.1.0
2 52
 ###Summary
3 53
 

+ 10
- 23
deployment_scripts/puppet/modules/trove/Gemfile View File

@@ -1,29 +1,16 @@
1
-source 'https://rubygems.org'
1
+source ENV['GEM_SOURCE'] || "https://rubygems.org"
2 2
 
3
-group :development, :test do
4
-  gem 'puppetlabs_spec_helper', :require => false
5
-  gem 'rspec-puppet', '~> 2.1.0', :require => false
6
-
7
-  gem 'metadata-json-lint'
8
-  gem 'puppet-lint-param-docs'
9
-  gem 'puppet-lint-absolute_classname-check'
10
-  gem 'puppet-lint-absolute_template_path'
11
-  gem 'puppet-lint-trailing_newline-check'
12
-
13
-  # Puppet 4.x related lint checks
14
-  gem 'puppet-lint-unquoted_string-check'
15
-  gem 'puppet-lint-leading_zero-check'
16
-  gem 'puppet-lint-variable_contains_upcase'
17
-  gem 'puppet-lint-numericvariable'
18
-
19
-  gem 'beaker-rspec', :require => false
20
-  gem 'beaker-puppet_install_helper', :require => false
21
-  gem 'json'
22
-  gem 'webmock'
3
+group :development, :test, :system_tests do
4
+  gem 'puppet-openstack_spec_helper',
5
+      :git     => 'https://git.openstack.org/openstack/puppet-openstack_spec_helper',
6
+      :branch  => 'stable/liberty',
7
+      :require => false
23 8
 end
24 9
 
25
-group :system_tests do
26
-  gem 'r10k', :require => 'false'
10
+if facterversion = ENV['FACTER_GEM_VERSION']
11
+  gem 'facter', facterversion, :require => false
12
+else
13
+  gem 'facter', :require => false
27 14
 end
28 15
 
29 16
 if puppetversion = ENV['PUPPET_GEM_VERSION']

+ 115
- 1
deployment_scripts/puppet/modules/trove/README.md View File

@@ -1,7 +1,7 @@
1 1
 puppet-trove
2 2
 =============
3 3
 
4
-6.1.0 - 2015.1 - Kilo
4
+7.1.0 - 2015.2 - Liberty
5 5
 
6 6
 #### Table of Contents
7 7
 
@@ -35,6 +35,120 @@ Implementation
35 35
 
36 36
 trove is a combination of Puppet manifest and ruby code to delivery configuration and extra functionality through types and providers.
37 37
 
38
+### Types
39
+
40
+#### trove_config
41
+
42
+The `trove_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/trove/trove.conf` file.
43
+
44
+```puppet
45
+trove_config { 'DEFAULT/verbose' :
46
+  value => true,
47
+}
48
+```
49
+
50
+This will write `verbose=true` in the `[DEFAULT]` section.
51
+
52
+##### name
53
+
54
+Section/setting name to manage from `trove.conf`
55
+
56
+##### value
57
+
58
+The value of the setting to be defined.
59
+
60
+##### secret
61
+
62
+Whether to hide the value from Puppet logs. Defaults to `false`.
63
+
64
+##### ensure_absent_val
65
+
66
+If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `<SERVICE DEFAULT>`
67
+
68
+#### trove_conductor_config
69
+
70
+The `trove_conductor_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/trove/trove-conductor.conf` file.
71
+
72
+```puppet
73
+trove_conductor_config { 'DEFAULT/verbose' :
74
+  value => true,
75
+}
76
+```
77
+
78
+This will write `verbose=true` in the `[DEFAULT]` section.
79
+
80
+##### name
81
+
82
+Section/setting name to manage from `trove.conf`
83
+
84
+##### value
85
+
86
+The value of the setting to be defined.
87
+
88
+##### secret
89
+
90
+Whether to hide the value from Puppet logs. Defaults to `false`.
91
+
92
+##### ensure_absent_val
93
+
94
+If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `<SERVICE DEFAULT>`
95
+
96
+#### trove_guestagent_config
97
+
98
+The `trove_guestagent_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/trove/trove-guestagent.conf` file.
99
+
100
+```puppet
101
+trove_guestagent_config { 'DEFAULT/verbose' :
102
+  value => true,
103
+}
104
+```
105
+
106
+This will write `verbose=true` in the `[DEFAULT]` section.
107
+
108
+##### name
109
+
110
+Section/setting name to manage from `trove.conf`
111
+
112
+##### value
113
+
114
+The value of the setting to be defined.
115
+
116
+##### secret
117
+
118
+Whether to hide the value from Puppet logs. Defaults to `false`.
119
+
120
+##### ensure_absent_val
121
+
122
+If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `<SERVICE DEFAULT>`
123
+
124
+#### trove_taskmanager_config
125
+
126
+The `trove_taskmanager_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/trove/trove-taskmanager.conf` file.
127
+
128
+```puppet
129
+trove_taskmanager_config { 'DEFAULT/verbose' :
130
+  value => true,
131
+}
132
+```
133
+
134
+This will write `verbose=true` in the `[DEFAULT]` section.
135
+
136
+##### name
137
+
138
+Section/setting name to manage from `trove.conf`
139
+
140
+##### value
141
+
142
+The value of the setting to be defined.
143
+
144
+##### secret
145
+
146
+Whether to hide the value from Puppet logs. Defaults to `false`.
147
+
148
+##### ensure_absent_val
149
+
150
+If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `<SERVICE DEFAULT>`
151
+
38 152
 Limitations
39 153
 -----------
40 154
 

+ 18
- 6
deployment_scripts/puppet/modules/trove/Rakefile View File

@@ -1,15 +1,27 @@
1 1
 require 'puppetlabs_spec_helper/rake_tasks'
2 2
 require 'puppet-lint/tasks/puppet-lint'
3
+require 'puppet-syntax/tasks/puppet-syntax'
3 4
 require 'json'
4 5
 
5 6
 modname = JSON.parse(open('metadata.json').read)['name'].split('-')[1]
6 7
 
7
-PuppetLint.configuration.fail_on_warnings = true
8
-PuppetLint.configuration.send('disable_80chars')
9
-PuppetLint.configuration.send('disable_class_parameter_defaults')
8
+PuppetSyntax.exclude_paths ||= []
9
+PuppetSyntax.exclude_paths << "spec/fixtures/**/*"
10
+PuppetSyntax.exclude_paths << "pkg/**/*"
11
+PuppetSyntax.exclude_paths << "vendor/**/*"
10 12
 
11
-task(:default).clear
12
-task :default => [:spec, :lint]
13
+Rake::Task[:lint].clear
14
+PuppetLint::RakeTask.new :lint do |config|
15
+  config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"]
16
+  config.fail_on_warnings = true
17
+  config.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}'
18
+  config.disable_checks = ["80chars", "class_inherits_from_params_class", "only_variable_string"]
19
+end
20
+
21
+desc "Run acceptance tests"
22
+RSpec::Core::RakeTask.new(:acceptance) do |t|
23
+  t.pattern = 'spec/acceptance'
24
+end
13 25
 
14 26
 Rake::Task[:spec_prep].clear
15 27
 desc 'Create the fixtures directory'
@@ -46,7 +58,7 @@ task :spec_prep do
46 58
       zuul_clone_cmd += ['git://git.openstack.org', "#{repo}"]
47 59
       sh(*zuul_clone_cmd)
48 60
     else
49
-      sh("git clone https://git.openstack.org/#{repo} -b stable/kilo #{repo}")
61
+      sh("git clone https://git.openstack.org/#{repo} -b stable/liberty #{repo}")
50 62
     end
51 63
     script = ['env']
52 64
     script += ["PUPPETFILE_DIR=#{Dir.pwd}/spec/fixtures/modules"]

+ 1
- 18
deployment_scripts/puppet/modules/trove/lib/puppet/provider/trove_api_paste_ini/ini_setting.rb View File

@@ -1,27 +1,10 @@
1 1
 Puppet::Type.type(:trove_api_paste_ini).provide(
2 2
   :ini_setting,
3
-  :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
3
+  :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting)
4 4
 ) do
5 5
 
6
-  def section
7
-    resource[:name].split('/', 2).first
8
-  end
9
-
10
-  def setting
11
-    resource[:name].split('/', 2).last
12
-  end
13
-
14
-  def separator
15
-    '='
16
-  end
17
-
18 6
   def self.file_path
19 7
     '/etc/trove/api-paste.ini'
20 8
   end
21 9
 
22
-  # added for backwards compatibility with older versions of inifile
23
-  def file_path
24
-    self.class.file_path
25
-  end
26
-
27 10
 end

+ 1
- 18
deployment_scripts/puppet/modules/trove/lib/puppet/provider/trove_conductor_config/ini_setting.rb View File

@@ -1,27 +1,10 @@
1 1
 Puppet::Type.type(:trove_conductor_config).provide(
2 2
   :ini_setting,
3
-  :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
3
+  :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting)
4 4
 ) do
5 5
 
6
-  def section
7
-    resource[:name].split('/', 2).first
8
-  end
9
-
10
-  def setting
11
-    resource[:name].split('/', 2).last
12
-  end
13
-
14
-  def separator
15
-    '='
16
-  end
17
-
18 6
   def self.file_path
19 7
     '/etc/trove/trove-conductor.conf'
20 8
   end
21 9
 
22
-  # added for backwards compatibility with older versions of inifile
23
-  def file_path
24
-    self.class.file_path
25
-  end
26
-
27 10
 end

+ 1
- 18
deployment_scripts/puppet/modules/trove/lib/puppet/provider/trove_config/ini_setting.rb View File

@@ -1,27 +1,10 @@
1 1
 Puppet::Type.type(:trove_config).provide(
2 2
   :ini_setting,
3
-  :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
3
+  :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting)
4 4
 ) do
5 5
 
6
-  def section
7
-    resource[:name].split('/', 2).first
8
-  end
9
-
10
-  def setting
11
-    resource[:name].split('/', 2).last
12
-  end
13
-
14
-  def separator
15
-    '='
16
-  end
17
-
18 6
   def self.file_path
19 7
     '/etc/trove/trove.conf'
20 8
   end
21 9
 
22
-  # added for backwards compatibility with older versions of inifile
23
-  def file_path
24
-    self.class.file_path
25
-  end
26
-
27 10
 end

+ 1
- 18
deployment_scripts/puppet/modules/trove/lib/puppet/provider/trove_guestagent_config/ini_setting.rb View File

@@ -1,27 +1,10 @@
1 1
 Puppet::Type.type(:trove_guestagent_config).provide(
2 2
   :ini_setting,
3
-  :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
3
+  :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting)
4 4
 ) do
5 5
 
6
-  def section
7
-    resource[:name].split('/', 2).first
8
-  end
9
-
10
-  def setting
11
-    resource[:name].split('/', 2).last
12
-  end
13
-
14
-  def separator
15
-    '='
16
-  end
17
-
18 6
   def self.file_path
19 7
     '/etc/trove/trove-guestagent.conf'
20 8
   end
21 9
 
22
-  # added for backwards compatibility with older versions of inifile
23
-  def file_path
24
-    self.class.file_path
25
-  end
26
-
27 10
 end

+ 1
- 18
deployment_scripts/puppet/modules/trove/lib/puppet/provider/trove_taskmanager_config/ini_setting.rb View File

@@ -1,27 +1,10 @@
1 1
 Puppet::Type.type(:trove_taskmanager_config).provide(
2 2
   :ini_setting,
3
-  :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
3
+  :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting)
4 4
 ) do
5 5
 
6
-  def section
7
-    resource[:name].split('/', 2).first
8
-  end
9
-
10
-  def setting
11
-    resource[:name].split('/', 2).last
12
-  end
13
-
14
-  def separator
15
-    '='
16
-  end
17
-
18 6
   def self.file_path
19 7
     '/etc/trove/trove-taskmanager.conf'
20 8
   end
21 9
 
22
-  # added for backwards compatibility with older versions of inifile
23
-  def file_path
24
-    self.class.file_path
25
-  end
26
-
27 10
 end

+ 9
- 0
deployment_scripts/puppet/modules/trove/lib/puppet/type/trove_api_paste_ini.rb View File

@@ -39,4 +39,13 @@ Puppet::Type.newtype(:trove_api_paste_ini) do
39 39
 
40 40
     defaultto false
41 41
   end
42
+
43
+  newparam(:ensure_absent_val) do
44
+    desc 'A value that is specified as the value property will behave as if ensure => absent was specified'
45
+    defaultto('<SERVICE DEFAULT>')
46
+  end
47
+
48
+  autorequire(:package) do
49
+    'trove-api'
50
+  end
42 51
 end

+ 10
- 0
deployment_scripts/puppet/modules/trove/lib/puppet/type/trove_conductor_config.rb View File

@@ -14,6 +14,7 @@ Puppet::Type.newtype(:trove_conductor_config) do
14 14
       value.capitalize! if value =~ /^(true|false)$/i
15 15
       value
16 16
     end
17
+    newvalues(/^[\S ]*$/)
17 18
 
18 19
     def is_to_s( currentvalue )
19 20
       if resource.secret?
@@ -39,4 +40,13 @@ Puppet::Type.newtype(:trove_conductor_config) do
39 40
 
40 41
     defaultto false
41 42
   end
43
+
44
+  newparam(:ensure_absent_val) do
45
+    desc 'A value that is specified as the value property will behave as if ensure => absent was specified'
46
+    defaultto('<SERVICE DEFAULT>')
47
+  end
48
+
49
+  autorequire(:package) do
50
+    'trove-conductor'
51
+  end
42 52
 end

+ 10
- 0
deployment_scripts/puppet/modules/trove/lib/puppet/type/trove_config.rb View File

@@ -14,6 +14,7 @@ Puppet::Type.newtype(:trove_config) do
14 14
       value.capitalize! if value =~ /^(true|false)$/i
15 15
       value
16 16
     end
17
+    newvalues(/^[\S ]*$/)
17 18
 
18 19
     def is_to_s( currentvalue )
19 20
       if resource.secret?
@@ -39,4 +40,13 @@ Puppet::Type.newtype(:trove_config) do
39 40
 
40 41
     defaultto false
41 42
   end
43
+
44
+  newparam(:ensure_absent_val) do
45
+    desc 'A value that is specified as the value property will behave as if ensure => absent was specified'
46
+    defaultto('<SERVICE DEFAULT>')
47
+  end
48
+
49
+  autorequire(:package) do
50
+    'trove-api'
51
+  end
42 52
 end

+ 10
- 0
deployment_scripts/puppet/modules/trove/lib/puppet/type/trove_guestagent_config.rb View File

@@ -14,6 +14,7 @@ Puppet::Type.newtype(:trove_guestagent_config) do
14 14
       value.capitalize! if value =~ /^(true|false)$/i
15 15
       value
16 16
     end
17
+    newvalues(/^[\S ]*$/)
17 18
 
18 19
     def is_to_s( currentvalue )
19 20
       if resource.secret?
@@ -39,4 +40,13 @@ Puppet::Type.newtype(:trove_guestagent_config) do
39 40
 
40 41
     defaultto false
41 42
   end
43
+
44
+  newparam(:ensure_absent_val) do
45
+    desc 'A value that is specified as the value property will behave as if ensure => absent was specified'
46
+    defaultto('<SERVICE DEFAULT>')
47
+  end
48
+
49
+  autorequire(:package) do
50
+    'trove-guestagent'
51
+  end
42 52
 end

+ 7
- 0
deployment_scripts/puppet/modules/trove/lib/puppet/type/trove_taskmanager_config.rb View File

@@ -14,6 +14,7 @@ Puppet::Type.newtype(:trove_taskmanager_config) do
14 14
       value.capitalize! if value =~ /^(true|false)$/i
15 15
       value
16 16
     end
17
+    newvalues(/^[\S ]*$/)
17 18
 
18 19
     def is_to_s( currentvalue )
19 20
       if resource.secret?
@@ -39,4 +40,10 @@ Puppet::Type.newtype(:trove_taskmanager_config) do
39 40
 
40 41
     defaultto false
41 42
   end
43
+
44
+  newparam(:ensure_absent_val) do
45
+    desc 'A value that is specified as the value property will behave as if ensure => absent was specified'
46
+    defaultto('<SERVICE DEFAULT>')
47
+  end
48
+
42 49
 end

+ 82
- 42
deployment_scripts/puppet/modules/trove/manifests/api.pp View File

@@ -119,6 +119,26 @@
119 119
 #   (optional) CA certificate file to use to verify connecting clients
120 120
 #   Defaults to false, not set
121 121
 #
122
+# [*http_get_rate*]
123
+#   (optional) Default rate limit of GET request.
124
+#   Defaults to 200.
125
+#
126
+# [*http_post_rate*]
127
+#   (optional) Default rate limit of POST request.
128
+#   Defaults to 200.
129
+#
130
+# [*http_put_rate*]
131
+#   (optional) Default rate limit of PUT request.
132
+#   Defaults to 200.
133
+#
134
+# [*http_delete_rate*]
135
+#   (optional) Default rate limit of DELETE request.
136
+#   Defaults to 200.
137
+#
138
+# [*http_mgmt_post_rate*]
139
+#   (optional) Default rate limit of mgmt post request.
140
+#   Defaults to 200.
141
+#
122 142
 class trove::api(
123 143
   $keystone_password,
124 144
   $verbose                      = false,
@@ -142,42 +162,22 @@ class trove::api(
142 162
   $cert_file                    = false,
143 163
   $key_file                     = false,
144 164
   $ca_file                      = false,
165
+  $http_get_rate                = 200,
166
+  $http_post_rate               = 200,
167
+  $http_put_rate                = 200,
168
+  $http_delete_rate             = 200,
169
+  $http_mgmt_post_rate          = 200,
145 170
   $manage_service               = true,
146 171
   $ensure_package               = 'present',
147 172
 ) inherits trove {
148 173
 
149 174
   require ::keystone::python
175
+  include ::trove::db
150 176
   include ::trove::params
151 177
 
152 178
   Trove_config<||> ~> Exec['post-trove_config']
153 179
   Trove_config<||> ~> Service['trove-api']
154
-  Package['trove-api'] -> Trove_api_paste_ini<||>
155 180
   Trove_api_paste_ini<||> ~> Service['trove-api']
156
-  # Trove db sync is broken in Ubuntu packaging
157
-  # This is a temporary fix until it's fixed in packaging.
158
-  # https://bugs.launchpad.net/ubuntu/+source/openstack-trove/+bug/1451134
159
-  file { '/etc/trove/trove.conf':
160
-    require => File['/etc/trove'],
161
-  }
162
-  File['/etc/trove/trove.conf'] -> Trove_config<||>
163
-  Trove_config<||> -> Package[$::trove::params::api_package_name]
164
-
165
-  if $::trove::database_connection {
166
-    if($::trove::database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
167
-      require 'mysql::bindings'
168
-      require 'mysql::bindings::python'
169
-    } elsif($::trove::database_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {
170
-
171
-    } elsif($::trove::database_connection =~ /sqlite:\/\//) {
172
-
173
-    } else {
174
-      fail("Invalid db connection ${::trove::database_connection}")
175
-    }
176
-    trove_config {
177
-      'database/connection':   value => $::trove::database_connection;
178
-      'database/idle_timeout': value => $::trove::database_idle_timeoutl;
179
-    }
180
-  }
181 181
 
182 182
   # basic service config
183 183
   trove_config {
@@ -191,6 +191,7 @@ class trove::api(
191 191
     'DEFAULT/nova_proxy_admin_pass':        value => $::trove::nova_proxy_admin_pass;
192 192
     'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name;
193 193
     'DEFAULT/control_exchange':             value => $::trove::control_exchange;
194
+    'DEFAULT/rpc_backend':                  value => $::trove::rpc_backend;
194 195
   }
195 196
 
196 197
   if $auth_url {
@@ -271,30 +272,66 @@ class trove::api(
271 272
     }
272 273
   }
273 274
 
275
+  # rate limits
276
+  trove_config {
277
+    'DEFAULT/http_get_rate':       value => $http_get_rate;
278
+    'DEFAULT/http_post_rate':      value => $http_post_rate;
279
+    'DEFAULT/http_put_rate':       value => $http_put_rate;
280
+    'DEFAULT/http_delete_rate':    value => $http_delete_rate;
281
+    'DEFAULT/http_mgmt_post_rate': value => $http_mgmt_post_rate;
282
+  }
283
+
274 284
   resources { 'trove_config':
275 285
     purge => $purge_config,
276 286
   }
277 287
 
278
-  if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_kombu' {
288
+  # region name
289
+  if $::trove::os_region_name {
290
+    trove_config { 'DEFAULT/os_region_name': value => $::trove::os_region_name }
291
+  }
292
+  else {
293
+    trove_config {'DEFAULT/os_region_name': ensure => absent }
294
+  }
295
+
296
+  # services type
297
+  trove_config {
298
+    'DEFAULT/nova_compute_service_type': value => $::trove::nova_compute_service_type;
299
+    'DEFAULT/cinder_service_type':       value => $::trove::cinder_service_type;
300
+    'DEFAULT/neutron_service_type':      value => $::trove::neutron_service_type;
301
+    'DEFAULT/swift_service_type':        value => $::trove::swift_service_type;
302
+    'DEFAULT/heat_service_type':         value => $::trove::heat_service_type;
303
+  }
304
+
305
+  if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_kombu' or $::trove::rpc_backend == 'rabbit' {
279 306
     if ! $::trove::rabbit_password {
280 307
       fail('When rpc_backend is rabbitmq, you must set rabbit password')
281 308
     }
282 309
     if $::trove::rabbit_hosts {
283
-      trove_config { 'oslo_messaging_rabbit/rabbit_hosts':     value  => join($::trove::rabbit_hosts, ',') }
284
-      trove_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value  => true }
310
+      trove_config { 'oslo_messaging_rabbit/rabbit_hosts':     value  => $::trove::rabbit_hosts }
285 311
     } else  {
286 312
       trove_config { 'oslo_messaging_rabbit/rabbit_host':      value => $::trove::rabbit_host }
287 313
       trove_config { 'oslo_messaging_rabbit/rabbit_port':      value => $::trove::rabbit_port }
288 314
       trove_config { 'oslo_messaging_rabbit/rabbit_hosts':     value => "${::trove::rabbit_host}:${::trove::rabbit_port}" }
289
-      trove_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => false }
315
+    }
316
+
317
+    if $::trove::rabbit_ha_queues == undef {
318
+      if size($::trove::rabbit_hosts) > 1 {
319
+        trove_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value  => true }
320
+      } else {
321
+        trove_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => false }
322
+      }
323
+    } else {
324
+      trove_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => $::trove::rabbit_ha_queues }
290 325
     }
291 326
 
292 327
     trove_config {
293
-      'oslo_messaging_rabbit/rabbit_userid':         value => $::trove::rabbit_user;
328
+      'oslo_messaging_rabbit/rabbit_userid':         value => $::trove::rabbit_userid;
294 329
       'oslo_messaging_rabbit/rabbit_password':       value => $::trove::rabbit_password, secret => true;
295 330
       'oslo_messaging_rabbit/rabbit_virtual_host':   value => $::trove::rabbit_virtual_host;
296 331
       'oslo_messaging_rabbit/rabbit_use_ssl':        value => $::trove::rabbit_use_ssl;
297 332
       'oslo_messaging_rabbit/kombu_reconnect_delay': value => $::trove::kombu_reconnect_delay;
333
+      # TODO(shaikapsar): remove this line once bug/1486319 merged to stable/liberty.
334
+      'oslo_messaging_rabbit/amqp_durable_queues':   value => $::trove::amqp_durable_queues;
298 335
     }
299 336
 
300 337
     if $::trove::rabbit_use_ssl {
@@ -333,29 +370,32 @@ class trove::api(
333 370
     }
334 371
   }
335 372
 
336
-  if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_qpid' {
373
+  if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_qpid' or $::trove::rpc_backend == 'qpid'{
374
+
375
+    warning('Qpid driver is removed from Oslo.messaging in the Mitaka release')
376
+
337 377
     trove_config {
338
-      'DEFAULT/qpid_hostname':               value => $::trove::qpid_hostname;
339
-      'DEFAULT/qpid_port':                   value => $::trove::qpid_port;
340
-      'DEFAULT/qpid_username':               value => $::trove::qpid_username;
341
-      'DEFAULT/qpid_password':               value => $::trove::qpid_password, secret => true;
342
-      'DEFAULT/qpid_heartbeat':              value => $::trove::qpid_heartbeat;
343
-      'DEFAULT/qpid_protocol':               value => $::trove::qpid_protocol;
344
-      'DEFAULT/qpid_tcp_nodelay':            value => $::trove::qpid_tcp_nodelay;
378
+      'oslo_messaging_qpid/qpid_hostname':               value => $::trove::qpid_hostname;
379
+      'oslo_messaging_qpid/qpid_port':                   value => $::trove::qpid_port;
380
+      'oslo_messaging_qpid/qpid_username':               value => $::trove::qpid_username;
381
+      'oslo_messaging_qpid/qpid_password':               value => $::trove::qpid_password, secret => true;
382
+      'oslo_messaging_qpid/qpid_heartbeat':              value => $::trove::qpid_heartbeat;
383
+      'oslo_messaging_qpid/qpid_protocol':               value => $::trove::qpid_protocol;
384
+      'oslo_messaging_qpid/qpid_tcp_nodelay':            value => $::trove::qpid_tcp_nodelay;
345 385
     }
346 386
     if is_array($::trove::qpid_sasl_mechanisms) {
347 387
       trove_config {
348
-        'DEFAULT/qpid_sasl_mechanisms': value => join($::trove::qpid_sasl_mechanisms, ' ');
388
+        'oslo_messaging_qpid/qpid_sasl_mechanisms': value => join($::trove::qpid_sasl_mechanisms, ' ');
349 389
       }
350 390
     }
351 391
     elsif $::trove::qpid_sasl_mechanisms {
352 392
       trove_config {
353
-        'DEFAULT/qpid_sasl_mechanisms': value => $::trove::qpid_sasl_mechanisms;
393
+        'oslo_messaging_qpid/qpid_sasl_mechanisms': value => $::trove::qpid_sasl_mechanisms;
354 394
       }
355 395
     }
356 396
     else {
357 397
       trove_config {
358
-        'DEFAULT/qpid_sasl_mechanisms': ensure => absent;
398
+        'oslo_messaging_qpid/qpid_sasl_mechanisms': ensure => absent;
359 399
       }
360 400
     }
361 401
   }

+ 28
- 22
deployment_scripts/puppet/modules/trove/manifests/conductor.pp View File

@@ -68,14 +68,6 @@ class trove::conductor(
68 68
 
69 69
   Trove_conductor_config<||> ~> Exec['post-trove_config']
70 70
   Trove_conductor_config<||> ~> Service['trove-conductor']
71
-  # Trove db sync is broken in Ubuntu packaging
72
-  # This is a temporary fix until it's fixed in packaging.
73
-  # https://bugs.launchpad.net/ubuntu/+source/openstack-trove/+bug/1451134
74
-  file { '/etc/trove/trove-conductor.conf':
75
-    require => File['/etc/trove'],
76
-  }
77
-  File['/etc/trove/trove-conductor.conf'] -> Trove_conductor_config<||>
78
-  Trove_conductor_config<||> -> Package[$::trove::params::conductor_package_name]
79 71
 
80 72
   if $::trove::database_connection {
81 73
     if($::trove::database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
@@ -103,28 +95,39 @@ class trove::conductor(
103 95
     'DEFAULT/nova_proxy_admin_tenant_name': value => $::trove::nova_proxy_admin_tenant_name;
104 96
     'DEFAULT/nova_proxy_admin_pass':        value => $::trove::nova_proxy_admin_pass;
105 97
     'DEFAULT/control_exchange':             value => $::trove::control_exchange;
98
+    'DEFAULT/rpc_backend':                  value => $::trove::rpc_backend;
106 99
   }
107 100
 
108
-  if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_kombu' {
101
+  if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_kombu' or $::trove::rpc_backend == 'rabbit' {
109 102
     if ! $::trove::rabbit_password {
110 103
       fail('When rpc_backend is rabbitmq, you must set rabbit password')
111 104
     }
112 105
     if $::trove::rabbit_hosts {
113
-      trove_conductor_config { 'oslo_messaging_rabbit/rabbit_hosts':     value  => join($::trove::rabbit_hosts, ',') }
114
-      trove_conductor_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value  => true }
106
+      trove_conductor_config { 'oslo_messaging_rabbit/rabbit_hosts':     value  => ::trove::rabbit_hosts }
115 107
     } else  {
116 108
       trove_conductor_config { 'oslo_messaging_rabbit/rabbit_host':      value => $::trove::rabbit_host }
117 109
       trove_conductor_config { 'oslo_messaging_rabbit/rabbit_port':      value => $::trove::rabbit_port }
118 110
       trove_conductor_config { 'oslo_messaging_rabbit/rabbit_hosts':     value => "${::trove::rabbit_host}:${::trove::rabbit_port}" }
119
-      trove_conductor_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => false }
111
+    }
112
+
113
+    if $::trove::rabbit_ha_queues == undef {
114
+      if size($::trove::rabbit_hosts) > 1 {
115
+        trove_conductor_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value  => true }
116
+      } else {
117
+        trove_conductor_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => false }
118
+      }
119
+    } else {
120
+      trove_conductor_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => $::trove::rabbit_ha_queues }
120 121
     }
121 122
 
122 123
     trove_conductor_config {
123
-      'oslo_messaging_rabbit/rabbit_userid':         value => $::trove::rabbit_user;
124
+      'oslo_messaging_rabbit/rabbit_userid':         value => $::trove::rabbit_userid;
124 125
       'oslo_messaging_rabbit/rabbit_password':       value => $::trove::rabbit_password, secret => true;
125 126
       'oslo_messaging_rabbit/rabbit_virtual_host':   value => $::trove::rabbit_virtual_host;
126 127
       'oslo_messaging_rabbit/rabbit_use_ssl':        value => $::trove::rabbit_use_ssl;
127 128
       'oslo_messaging_rabbit/kombu_reconnect_delay': value => $::trove::kombu_reconnect_delay;
129
+      # TODO(shaikapsar): remove this line once bug/1486319 merged to stable/liberty.
130
+      'oslo_messaging_rabbit/amqp_durable_queues':   value => $::trove::amqp_durable_queues;
128 131
     }
129 132
 
130 133
     if $::trove::rabbit_use_ssl {
@@ -163,19 +166,22 @@ class trove::conductor(
163 166
     }
164 167
   }
165 168
 
166
-  if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_qpid' {
169
+  if $::trove::rpc_backend == 'trove.openstack.common.rpc.impl_qpid' or $::trove::rpc_backend == 'qpid'{
170
+
171
+    warning('Qpid driver is removed from Oslo.messaging in the Mitaka release')
172
+
167 173
     trove_conductor_config {
168
-      'DEFAULT/qpid_hostname':               value => $::trove::qpid_hostname;
169
-      'DEFAULT/qpid_port':                   value => $::trove::qpid_port;
170
-      'DEFAULT/qpid_username':               value => $::trove::qpid_username;
171
-      'DEFAULT/qpid_password':               value => $::trove::qpid_password, secret => true;
172
-      'DEFAULT/qpid_heartbeat':              value => $::trove::qpid_heartbeat;
173
-      'DEFAULT/qpid_protocol':               value => $::trove::qpid_protocol;
174
-      'DEFAULT/qpid_tcp_nodelay':            value => $::trove::qpid_tcp_nodelay;
174
+      'oslo_messaging_qpid/qpid_hostname':    value => $::trove::qpid_hostname;
175
+      'oslo_messaging_qpid/qpid_port':        value => $::trove::qpid_port;
176
+      'oslo_messaging_qpid/qpid_username':    value => $::trove::qpid_username;
177
+      'oslo_messaging_qpid/qpid_password':    value => $::trove::qpid_password, secret => true;
178
+      'oslo_messaging_qpid/qpid_heartbeat':   value => $::trove::qpid_heartbeat;
179
+      'oslo_messaging_qpid/qpid_protocol':    value => $::trove::qpid_protocol;
180
+      'oslo_messaging_qpid/qpid_tcp_nodelay': value => $::trove::qpid_tcp_nodelay;
175 181
     }
176 182
     if is_array($::trove::qpid_sasl_mechanisms) {
177 183
       trove_conductor_config {
178
-        'DEFAULT/qpid_sasl_mechanisms': value => join($::trove::qpid_sasl_mechanisms, ' ');
184
+        'oslo_messaging_qpid/qpid_sasl_mechanisms': value => join($::trove::qpid_sasl_mechanisms, ' ');
179 185
       }
180 186
     }
181 187
   }

+ 103
- 0
deployment_scripts/puppet/modules/trove/manifests/db.pp View File

@@ -0,0 +1,103 @@
1
+# == Class: trove::db
2
+#
3
+#  Configure the Trove database
4
+#
5
+# === Parameters
6
+#
7
+# [*database_connection*]
8
+#   Url used to connect to database.
9
+#   (Optional) Defaults to 'sqlite:////var/lib/trove/trove.sqlite'.
10
+#
11
+# [*database_idle_timeout*]
12
+#   Timeout when db connections should be reaped.
13
+#   (Optional) Defaults to 3600.
14
+#
15
+# [*database_max_retries*]
16
+#   Maximum number of database connection retries during startup.
17
+#   Setting -1 implies an infinite retry count.
18
+#   (Optional) Defaults to 10.
19
+#
20
+# [*database_retry_interval*]
21
+#   Interval between retries of opening a database connection.
22
+#   (Optional) Defaults to 10.
23
+#
24
+# [*database_min_pool_size*]
25
+#   Minimum number of SQL connections to keep open in a pool.
26
+#   (Optional) Defaults to 1.
27
+#
28
+# [*database_max_pool_size*]
29
+#   Maximum number of SQL connections to keep open in a pool.
30
+#   (Optional) Defaults to 10.
31
+#
32
+# [*database_max_overflow*]
33
+#   If set, use this value for max_overflow with sqlalchemy.
34
+#   (Optional) Defaults to 20.
35
+#
36
+class trove::db (
37
+  $database_connection     = 'sqlite:////var/lib/trove/trove.sqlite',
38
+  $database_idle_timeout   = 3600,
39
+  $database_min_pool_size  = 1,
40
+  $database_max_pool_size  = 10,
41
+  $database_max_retries    = 10,
42
+  $database_retry_interval = 10,
43
+  $database_max_overflow   = 20,
44
+) {
45
+
46
+  include ::trove::params
47
+
48
+  # NOTE(spredzy): In order to keep backward compatibility we rely on the pick function
49
+  # to use trove::<myparam> if trove::db::<myparam> isn't specified.
50
+  $database_connection_real     = pick($::trove::database_connection, $database_connection)
51
+  $database_idle_timeout_real   = pick($::trove::database_idle_timeout, $database_idle_timeout)
52
+  $database_min_pool_size_real  = pick($::trove::database_min_pool_size, $database_min_pool_size)
53
+  $database_max_pool_size_real  = pick($::trove::database_max_pool_size, $database_max_pool_size)
54
+  $database_max_retries_real    = pick($::trove::database_max_retries, $database_max_retries)
55
+  $database_retry_interval_real = pick($::trove::database_retry_interval, $database_retry_interval)
56
+  $database_max_overflow_real   = pick($::trove::database_max_overflow, $database_max_overflow)
57
+
58
+  validate_re($database_connection_real,
59
+    '^(sqlite|mysql(\+pymysql)?|postgresql):\/\/(\S+:\S+@\S+\/\S+)?')
60
+
61
+  if $database_connection_real {
62
+    case $database_connection_real {
63
+      /^mysql(\+pymysql)?:\/\//: {
64
+        require 'mysql::bindings'
65
+        require 'mysql::bindings::python'
66
+        if $database_connection_real =~ /^mysql\+pymysql/ {
67
+          $backend_package = $::trove::params::pymysql_package_name
68
+        } else {
69
+          $backend_package = false
70
+        }
71
+      }
72
+      /^postgresql:\/\//: {
73
+        $backend_package = false
74
+        require 'postgresql::lib::python'
75
+      }
76
+      /^sqlite:\/\//: {
77
+        $backend_package = $::trove::params::sqlite_package_name
78
+      }
79
+      default: {
80
+        fail('Unsupported backend configured')
81
+      }
82
+    }
83
+
84
+    if $backend_package and !defined(Package[$backend_package]) {
85
+      package {'trove-backend-package':
86
+        ensure => present,
87
+        name   => $backend_package,
88
+        tag    => 'openstack',
89
+      }
90
+    }
91
+
92
+    trove_config {
93