Code refactoring

Change-Id: I1248ee7494616ed2f8663fe0d383d3a651e2fdba
This commit is contained in:
Andrey Epifanov 2015-02-13 16:12:02 +03:00
parent f30e0b2c03
commit c4c2ce44f5
2 changed files with 45 additions and 52 deletions

View File

@ -1,26 +1,8 @@
#This class contains common changes for deployment FWaaS functionality in Neutron.
#It enables Firewall tab in Horizon and restart Neutron L3 agent.
class fwaas {
include fwaas::params
$node_name = $fwaas::params::node_name
service { $fwaas::params::dashboard_service:
ensure => running,
enable => true,
}
service { $fwaas::params::server_service:
ensure => running,
enable => true,
}
exec { 'enable_fwaas_dashboard':
command => "/bin/sed -i \"s/'enable_firewall': False/'enable_firewall': True/\" $fwaas::params::dashboard_settings",
unless => "/bin/egrep \"'enable_firewall': True\" $fwaas::params::dashboard_settings",
}
class fwaas::enable_in_neutron_config {
ini_subsetting {'add_fwaas_service_plugin':
ensure => present,
@ -34,47 +16,60 @@ class fwaas {
}
neutron_config {
'service_providers/service_provider': value => 'FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default';
'fwaas/enabled' : value => 'True';
'fwaas/driver' : value => 'neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver';
'fwaas/enabled': value => 'True';
'fwaas/driver' : value => 'neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver';
}
Ini_subsetting['add_fwaas_service_plugin'] -> Neutron_config<||>
Exec['enable_fwaas_dashboard'] -> Service[$fwaas::params::dashboard_service]
service { $fwaas::params::server_service:
ensure => running,
enable => true,
}
if ! $fwaas::params::ha {
Neutron_config<||> ~> Service[$fwaas::params::server_service]
Ini_subsetting['add_fwaas_service_plugin'] ~> Service[$fwaas::params::server_service]
}
service { $fwaas::params::l3_agent_service:
ensure => running,
class fwaas::enable_in_dashboard {
service { $fwaas::params::dashboard_service:
ensure => running,
enable => true,
}
exec { 'enable_fwaas_dashboard':
command => "/bin/sed -i \"s/'enable_firewall': False/'enable_firewall': True/\" $fwaas::params::dashboard_settings",
unless => "/bin/egrep \"'enable_firewall': True\" $fwaas::params::dashboard_settings",
}
Exec['enable_fwaas_dashboard'] ~> Service[$fwaas::params::dashboard_service]
}
class fwaas {
require fwaas::params
require fwaas::enable_in_neutron_config
require fwaas::enable_in_dashboard
if $fwaas::params::ha {
service {$fwaas::params::p_l3_agent:
enable => true,
ensure => running,
provider => 'pacemaker',
subscribe => Class[fwaas::enable_in_neutron_config],
}
Neutron_config<||> -> Service[$fwaas::params::l3_agent_service] ->
Service[$fwaas::params::server_service] -> Service[$fwaas::params::dashboard_service]
} else {
exec { 'ban-l3-agent':
path => '/sbin:/usr/bin:/usr/sbin:/bin',
onlyif => 'pcs resource show p_neutron-l3-agent > /dev/null 2>&1',
command => "pcs resource ban p_neutron-l3-agent ${node_name}",
service {$fwaas::params::l3_agent_service:
enable => true,
ensure => running,
subscribe => Class[fwaas::enable_in_neutron_config],
}
exec { 'waiting-for-l3-stop':
path => '/usr/sbin:/usr/bin:/sbin:/bin',
tries => 10,
try_sleep => 10,
command => "pcs resource | grep p_neutron-l3-agent -A 2 | grep Stop | grep ${node_name}> /dev/null 2>&1",
}
exec { 'unban-l3-agent':
path => '/sbin:/usr/bin:/usr/sbin:/bin',
onlyif => 'pcs resource show p_neutron-l3-agent > /dev/null 2>&1',
command => "pcs resource clear p_neutron-l3-agent ${node_name}",
}
Neutron_config<||> ->
Exec['ban-l3-agent'] -> Exec['waiting-for-l3-stop'] -> Exec['unban-l3-agent'] ->
Service[$fwaas::params::server_service] -> Service[$fwaas::params::dashboard_service]
}
}

View File

@ -8,8 +8,6 @@ class fwaas::params {
$server_service = 'neutron-server'
$full_node_name = $fuel_settings['fqdn']
if($vpn_enabled) {
$l3_agent_service = 'neutron-vpn-agent'