haproxy and firewall

Change-Id: I956a759a704f3bdc8195adae5bdbc82475b7a9c0
This commit is contained in:
Igor Gajsin 2016-08-01 20:33:35 +03:00
parent c71556cf3a
commit a56de2fdfd
5 changed files with 131 additions and 6 deletions

View File

@ -0,0 +1,30 @@
notify {'MODULAR: fuel-plugin-manila/haproxy': }
$internal_virtual_ip = hiera('management_vip')
$ns = hiera_hash('network_scheme', {})
$br_mgmt = split($ns['endpoints']['br-mgmt']['IP'][0], '/')
$ipaddresses = $br_mgmt[0]
$public_virtual_ip = hiera('public_vip')
# dirty hack.
$cinder_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('cinder_nodes'), 'cinder/api')
$server_names = hiera_array('cinder_names', keys($cinder_address_map))
#
$ssl_hash = hiera_hash('use_ssl', {})
$public_ssl_hash = hiera_hash('public_ssl', {})
$public_ssl = get_ssl_property($ssl_hash, $public_ssl_hash, 'manila', 'public', 'usage', false)
$public_ssl_path = get_ssl_property($ssl_hash, $public_ssl_hash, 'manila', 'public', 'path', [''])
$internal_ssl = get_ssl_property($ssl_hash, {}, 'manila', 'internal', 'usage', false)
$internal_ssl_path = get_ssl_property($ssl_hash, {}, 'manila', 'internal', 'path', [''])
class { '::manila_auxiliary::haproxy':
internal_virtual_ip => $internal_virtual_ip,
ipaddresses => $ipaddresses,
public_virtual_ip => $public_virtual_ip,
server_names => $server_names,
public_ssl => $public_ssl,
public_ssl_path => $public_ssl_path,
internal_ssl => $internal_ssl,
internal_ssl_path => $internal_ssl_path,
}

View File

@ -92,3 +92,10 @@ $gen = {'generic' =>
} }
create_resources('::manila::backend::generic', $gen) create_resources('::manila::backend::generic', $gen)
class {'::manila::scheduler':
scheduler_driver => 'manila.scheduler.drivers.filter.FilterScheduler',
package_ensure => 'absent',
enabled => true,
manage_service => true,
}

View File

@ -0,0 +1,79 @@
# == Class: manila_auxiliary::haproxy
#
# HA configuration for OpenStack Manila
#
# === Parameters
#
# [*internal_virtual_ip*]
# (required) String. This is the ipaddress to be used for the internal facing
# vip
#
# [*ipaddresses*]
# (required) Array. This is an array of ipaddresses for the backend services
# to be loadbalanced
#
# [*public_ssl*]
# (optional) Boolean. If true, enables SSL for $public_virtual_ip
# Defaults to false.
#
# [*public_ssl_path*]
# (optional) String. Filesystem path to the file with public certificate
# content
# Defaults to undef
#
# [*internal_ssl*]
# (optional) Boolean. If true, enables SSL for $internal_virtual_ip
# Defaults to false.
#
# [*internal_ssl_path*]
# (optional) String. Filesystem path to the file with internal certificate
# content
# Defaults to undef
#
# [*public_virtual_ip*]
# (required) String. This is the ipaddress to be used for the external facing
# vip
#
# [*server_names*]
# (required) Array. This is an array of server names for the haproxy service
#
class manila_auxiliary::haproxy (
$internal_virtual_ip,
$ipaddresses,
$public_virtual_ip,
$server_names,
$public_ssl = false,
$public_ssl_path = undef,
$internal_ssl = false,
$internal_ssl_path = under,
) {
Openstack::Ha::Haproxy_service {
internal_virtual_ip => $internal_virtual_ip,
ipaddresses => $ipaddresses,
public_virtual_ip => $public_virtual_ip,
server_names => $server_names,
}
openstack::ha::haproxy_service { 'manila-api':
order => '070',
listen_port => 8786,
public => true,
public_ssl => $public_ssl,
public_ssl_path => $public_ssl_path,
internal_ssl => $internal_ssl,
internal_ssl_path => $internal_ssl_path,
require_service => 'manila-api',
server_names => $server_names,
ipaddresses => $ipaddresses,
define_backups => true,
haproxy_config_options => {
option => ['httpchk', 'httplog', 'httpclose'],
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
},
balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
}
firewall {'8786 manila-api':
port => [8786],
proto => 'tcp',
action => 'accept',
}
}

View File

@ -70,7 +70,15 @@
puppet_modules: "puppet/modules:/etc/puppet/modules" puppet_modules: "puppet/modules:/etc/puppet/modules"
timeout: 3600 timeout: 3600
- id: manila-haproxy
type: puppet
groups: [primary-controller, controller]
version: 2.1.0
requires: [manila-install]
parameters:
puppet_manifest: "puppet/manifests/haproxy.pp"
puppet_modules: "puppet/modules:/etc/puppet/modules"
timeout: 3600
- id: manila-main - id: manila-main
type: puppet type: puppet
@ -80,6 +88,7 @@
- name: manila-db - name: manila-db
cross-depended-by: cross-depended-by:
- name: deploy_end - name: deploy_end
requires: [manila-install, manila-haproxy]
parameters: parameters:
puppet_manifest: "puppet/manifests/site.pp" puppet_manifest: "puppet/manifests/site.pp"
puppet_modules: "puppet/modules:/etc/puppet/modules" puppet_modules: "puppet/modules:/etc/puppet/modules"

View File

@ -1,11 +1,11 @@
# Plugin name # Plugin name
name: fuel-plugin-manila name: fuel-plugin-manila
# Human-readable name for your plugin # Human-readable name for your plugin
title: Title for fuel-plugin-manila plugin title: enable Manila service
# Plugin version # Plugin version
version: '1.0.5' version: '1.0.7'
# Description # Description
description: Please describe your plugin here description: Manila is the File Storage as a Service OpenStack project
# Required fuel version # Required fuel version
fuel_version: ['9.0'] fuel_version: ['9.0']
# Specify license of your plugin # Specify license of your plugin
@ -13,14 +13,14 @@ licenses: ['Apache License Version 2.0']
# Specify author or company name # Specify author or company name
authors: ['Mirantis'] authors: ['Mirantis']
# A link to the plugin's page # A link to the plugin's page
homepage: 'https://github.com/igajsin/manila-plugin' homepage: 'https://github.com/openstack/fuel-plugin-manila'
# Specify a group which your plugin implements, possible options: # Specify a group which your plugin implements, possible options:
# network, storage, storage::cinder, storage::glance, hypervisor, # network, storage, storage::cinder, storage::glance, hypervisor,
# equipment # equipment
groups: ['storage'] groups: ['storage']
# Change `false` to `true` if the plugin can be installed in the environment # Change `false` to `true` if the plugin can be installed in the environment
# after the deployment. # after the deployment.
is_hotpluggable: false is_hotpluggable: true
# The plugin is compatible with releases in the list # The plugin is compatible with releases in the list
releases: releases: