haproxy and firewall

Change-Id: I956a759a704f3bdc8195adae5bdbc82475b7a9c0

deployment_scripts/puppet/manifests/haproxy.pp

@@ -0,0 +1,30 @@
+notify {'MODULAR: fuel-plugin-manila/haproxy': }
+
+$internal_virtual_ip = hiera('management_vip')
+$ns                  = hiera_hash('network_scheme', {})
+$br_mgmt             = split($ns['endpoints']['br-mgmt']['IP'][0], '/')
+$ipaddresses         = $br_mgmt[0]
+$public_virtual_ip   = hiera('public_vip')
+# dirty hack.
+$cinder_address_map  = get_node_to_ipaddr_map_by_network_role(hiera_hash('cinder_nodes'), 'cinder/api')
+$server_names        = hiera_array('cinder_names', keys($cinder_address_map))
+#
+$ssl_hash           = hiera_hash('use_ssl', {})
+$public_ssl_hash    = hiera_hash('public_ssl', {})
+$public_ssl         = get_ssl_property($ssl_hash, $public_ssl_hash, 'manila', 'public', 'usage', false)
+$public_ssl_path    = get_ssl_property($ssl_hash, $public_ssl_hash, 'manila', 'public', 'path', [''])
+
+$internal_ssl       = get_ssl_property($ssl_hash, {}, 'manila', 'internal', 'usage', false)
+$internal_ssl_path  = get_ssl_property($ssl_hash, {}, 'manila', 'internal', 'path', [''])
+
+
+class { '::manila_auxiliary::haproxy':
+  internal_virtual_ip => $internal_virtual_ip,
+  ipaddresses         => $ipaddresses,
+  public_virtual_ip   => $public_virtual_ip,
+  server_names        => $server_names,
+  public_ssl          => $public_ssl,
+  public_ssl_path     => $public_ssl_path,
+  internal_ssl        => $internal_ssl,
+  internal_ssl_path   => $internal_ssl_path,
+}

deployment_scripts/puppet/manifests/site.pp

@@ -92,3 +92,10 @@ $gen = {'generic' =>
 }
 
 create_resources('::manila::backend::generic', $gen)
+
+class {'::manila::scheduler':
+  scheduler_driver => 'manila.scheduler.drivers.filter.FilterScheduler',
+  package_ensure   => 'absent',
+  enabled          => true,
+  manage_service   => true,
+}

deployment_scripts/puppet/modules/manila_auxiliary/manifests/haproxy.pp

@@ -0,0 +1,79 @@
+# == Class: manila_auxiliary::haproxy
+#
+# HA configuration for OpenStack Manila
+#
+# === Parameters
+#
+# [*internal_virtual_ip*]
+#   (required) String. This is the ipaddress to be used for the internal facing
+#   vip
+#
+# [*ipaddresses*]
+#   (required) Array. This is an array of ipaddresses for the backend services
+#   to be loadbalanced
+#
+# [*public_ssl*]
+#   (optional) Boolean. If true, enables SSL for $public_virtual_ip
+#   Defaults to false.
+#
+# [*public_ssl_path*]
+#   (optional) String. Filesystem path to the file with public certificate
+#   content
+#   Defaults to undef
+#
+# [*internal_ssl*]
+#   (optional) Boolean. If true, enables SSL for $internal_virtual_ip
+#   Defaults to false.
+#
+# [*internal_ssl_path*]
+#   (optional) String. Filesystem path to the file with internal certificate
+#   content
+#   Defaults to undef
+#
+# [*public_virtual_ip*]
+#   (required) String. This is the ipaddress to be used for the external facing
+#   vip
+#
+# [*server_names*]
+#   (required) Array. This is an array of server names for the haproxy service
+#
+class manila_auxiliary::haproxy (
+  $internal_virtual_ip,
+  $ipaddresses,
+  $public_virtual_ip,
+  $server_names,
+  $public_ssl        = false,
+  $public_ssl_path   = undef,
+  $internal_ssl      = false,
+  $internal_ssl_path = under,
+) {
+  Openstack::Ha::Haproxy_service {
+    internal_virtual_ip => $internal_virtual_ip,
+    ipaddresses         => $ipaddresses,
+    public_virtual_ip   => $public_virtual_ip,
+    server_names        => $server_names,
+  }
+  openstack::ha::haproxy_service { 'manila-api':
+    order                  => '070',
+    listen_port            => 8786,
+    public                 => true,
+    public_ssl             => $public_ssl,
+    public_ssl_path        => $public_ssl_path,
+    internal_ssl           => $internal_ssl,
+    internal_ssl_path      => $internal_ssl_path,
+    require_service        => 'manila-api',
+    server_names           => $server_names,
+    ipaddresses            => $ipaddresses,
+    define_backups         => true,
+    haproxy_config_options => {
+      option         => ['httpchk', 'httplog', 'httpclose'],
+      'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
+    },
+    balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
+  }
+  firewall {'8786 manila-api':
+    port   => [8786],
+    proto  => 'tcp',
+    action => 'accept',
+  }
+}

deployment_tasks.yaml

@@ -70,7 +70,15 @@
     puppet_modules: "puppet/modules:/etc/puppet/modules"
     timeout: 3600
 
-
+- id: manila-haproxy
+  type: puppet
+  groups: [primary-controller, controller]
+  version: 2.1.0
+  requires: [manila-install]
+  parameters:
+    puppet_manifest: "puppet/manifests/haproxy.pp"
+    puppet_modules: "puppet/modules:/etc/puppet/modules"
+    timeout: 3600
 
 - id: manila-main
   type: puppet
@@ -80,6 +88,7 @@
     - name: manila-db
   cross-depended-by:
     - name: deploy_end
+  requires: [manila-install, manila-haproxy]
   parameters:
     puppet_manifest: "puppet/manifests/site.pp"
     puppet_modules: "puppet/modules:/etc/puppet/modules"

metadata.yaml

@@ -1,11 +1,11 @@
 # Plugin name
 name: fuel-plugin-manila
 # Human-readable name for your plugin
-title: Title for fuel-plugin-manila plugin
+title: enable Manila service
 # Plugin version
-version: '1.0.5'
+version: '1.0.7'
 # Description
-description: Please describe your plugin here
+description: Manila is the File Storage as a Service OpenStack project
 # Required fuel version
 fuel_version: ['9.0']
 # Specify license of your plugin
@@ -13,14 +13,14 @@ licenses: ['Apache License Version 2.0']
 # Specify author or company name
 authors: ['Mirantis']
 # A link to the plugin's page
-homepage: 'https://github.com/igajsin/manila-plugin'
+homepage: 'https://github.com/openstack/fuel-plugin-manila'
 # Specify a group which your plugin implements, possible options:
 # network, storage, storage::cinder, storage::glance, hypervisor,
 # equipment
 groups: ['storage']
 # Change `false` to `true` if the plugin can be installed in the environment
 # after the deployment.
-is_hotpluggable: false
+is_hotpluggable: true
 
 # The plugin is compatible with releases in the list
 releases: