Browse Source

remove hiera call from modules

Change-Id: I643c0ee1eca02b1a3c5c122e39d685396c64712e
sbartel 3 years ago
parent
commit
61faeb0e3a

+ 5
- 5
README.md View File

@@ -35,7 +35,7 @@ Installation Guide
35 35
 Https plugin installation
36 36
 ----------------------------
37 37
 
38
-1. Clone the fuel-plugin repo from: https://github.com/stackforge/fuel-plugin-tls.git
38
+1. Clone the Fuel-plugin repo from: https://github.com/stackforge/fuel-plugin-tls.git
39 39
 
40 40
     ``git clone``
41 41
 
@@ -56,7 +56,7 @@ Https plugin installation
56 56
 
57 57
 6. Install the tls plugin:
58 58
 
59
-   ``fuel plugins --install tls-<x.x.x>.rpm``
59
+   ``Fuel plugins --install tls-<x.x.x>.rpm``
60 60
 
61 61
 6. Plugin is ready to use and can be enabled on the Settings tab of the Fuel web UI.
62 62
 
@@ -78,8 +78,8 @@ https plugin configuration
78 78
     - the certificate .key content
79 79
 
80 80
 	
81
-You must pass your .crt, .key, .ca files via fuel UI (settings tab)
82
-When you pass the content of the files in fuel ui, some "space" characters will appear, don't care about this puppet will remove it.
81
+You must pass your .crt, .key, .ca files via Fuel UI (settings tab)
82
+When you pass the content of the files in Fuel ui, some "space" characters will appear, don't care about this puppet will remove it.
83 83
 
84 84
 CRT file must be in the following format : 
85 85
 
@@ -136,7 +136,7 @@ X43ceACVpWiv5DmBtEUrB8dbwxEJFaoPGqEswwdh1FDxzfsPdapyqGI5B8zRjnpa
136 136
 SR2QEYok/8lZeDgUOhXkGg==
137 137
 -----END PRIVATE KEY-----
138 138
 
139
-CA file must be in the following format : 
139
+CA file must be in the following format :
140 140
 
141 141
 -----BEGIN CERTIFICATE-----
142 142
 MIIDXTCCAkWgAwIBAgIJAJHydV1v41XIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV

+ 40
- 12
deployment_scripts/puppet/manifests/site.pp View File

@@ -1,19 +1,47 @@
1
-$tls_hash    			= hiera('tls')
2
-$horizon_crt			= $tls_hash['horizon_crt']
3
-$horizon_key			= $tls_hash['horizon_key']
4
-$horizon_ca				= $tls_hash['horizon_ca']
5
-$nodes_hash       		= hiera('nodes')
6
-$controllers 			= hiera('controllers')
7
-$public_virtual_ip  	= hiera('public_vip')
8
-$internal_virtual_ip 	= hiera('management_vip')
1
+$tls_hash               = hiera('tls')
2
+$horizon_crt            = $tls_hash['horizon_crt']
3
+$horizon_key            = $tls_hash['horizon_key']
4
+$horizon_ca             = $tls_hash['horizon_ca']
5
+
6
+#do not use hiera for node parameters (see bug 1476957)
7
+$fuel_settings          = parseyaml(file('/etc/astute.yaml')) 
8
+$nodes_hash             = $::fuel_settings['nodes']
9
+$controllers            = concat(filter_nodes($nodes_hash,'role','primary-controller'), filter_nodes($nodes_hash,'role','controller'))
10
+$public_virtual_ip      = $::fuel_settings['public_vip']
11
+$internal_virtual_ip    = $::fuel_settings['management_vip']
12
+
13
+$servername             = hiera('public_vip')
14
+$horizon_hash           = hiera_hash('horizon',{})
15
+$cache_server_ip        = hiera('memcache_servers', $controller_nodes)
16
+$cache_server_port      = hiera('memcache_server_port', '11211')
17
+$neutron                = hiera('use_neutron')
18
+$keystone_host          = hiera('management_vip')
19
+$verbose                = hiera('verbose', true)
20
+$debug                  = hiera('debug')
21
+$package_ensure         = hiera('horizon_package_ensure', 'installed')
22
+$use_syslog             = hiera('use_syslog', true)
23
+$nova_quota             = hiera('nova_quota')
24
+
9 25
 class { 'tls::controller':
10 26
 	controllers			=> $controllers,
11 27
 	public_virtual_ip	=> $public_virtual_ip,
12 28
 	internal_virtual_ip	=> $internal_virtual_ip,
13
-    horizon_crt         =>  $horizon_crt,
14
-    horizon_key         =>  $horizon_key,
15
-    horizon_ca          =>  $horizon_ca,
16
-    external_ip         =>  $public_virtual_ip
29
+    horizon_crt         => $horizon_crt,
30
+    horizon_key         => $horizon_key,
31
+    horizon_ca          => $horizon_ca,
32
+    external_ip         => $public_virtual_ip,
33
+    nodes_hash          => $nodes_hash,
34
+    servername          => $servername,
35
+    horizon_hash        => $horizon_hash,
36
+    cache_server_ip     => $cache_server_ip,
37
+    cache_server_port   => $cache_server_port,
38
+    neutron             => $neutron,
39
+    keystone_host       => $keystone_host,
40
+    verbose             => $verbose,
41
+    debug               => $debug,
42
+    package_ensure      => $package_ensure,
43
+    use_syslog          => $use_syslog,
44
+    nova_quota          => $nova_quota
17 45
 }
18 46
   
19 47
   

+ 11
- 6
deployment_scripts/puppet/manifests/site_compute.pp View File

@@ -1,9 +1,14 @@
1
-$tls_hash    			  = hiera('tls')
2
-$horizon_crt				= $tls_hash['horizon_crt']
3
-$horizon_key				= $tls_hash['horizon_key']
4
-$nodes_hash       	= hiera('nodes')
5
-$public_ip  	      = hiera('public_vip')
6
-$internal_ip 	      = hiera('management_vip')
1
+$tls_hash           = hiera('tls')
2
+$horizon_crt        = $tls_hash['horizon_crt']
3
+$horizon_key        = $tls_hash['horizon_key']
4
+$nodes_hash         = hiera('nodes')
5
+$public_ip          = hiera('public_vip')
6
+$internal_ip        = hiera('management_vip')
7
+
8
+#do not use hiera for node parameters (see bug 1476957)
9
+$fuel_settings          = parseyaml(file('/etc/astute.yaml')) 
10
+$public_virtual_ip      = $::fuel_settings['public_vip']
11
+$internal_virtual_ip    = $::fuel_settings['management_vip']
7 12
 
8 13
 class { 'tls::compute':
9 14
   public_virtual_ip   => $public_ip,

+ 26
- 4
deployment_scripts/puppet/modules/tls/manifests/controller.pp View File

@@ -5,16 +5,27 @@ class tls::controller(
5 5
   $horizon_crt,
6 6
   $horizon_key,
7 7
   $horizon_ca,
8
-  $external_ip
8
+  $external_ip,
9
+  $nodes_hash,
10
+  $servername,
11
+  $horizon_hash,
12
+  $cache_server_ip,
13
+  $cache_server_port,
14
+  $neutron,
15
+  $keystone_host,
16
+  $verbose,
17
+  $debug,
18
+  $package_ensure,
19
+  $use_syslog,
20
+  $nova_quota
9 21
 ) {
10
-  $nodes_hash = hiera('nodes')
11 22
   $node = filter_nodes($nodes_hash,'name',$::hostname)
12 23
   $internal_address = $node[0]['internal_address']
13 24
   $bind_address = $internal_address
14 25
   $server_hostname = $external_ip
15 26
   include tls::params
16 27
   $apache_tls_path = $tls::params::apache_tls_path
17
-  
28
+
18 29
   #format crt and key files
19 30
   file { "$apache_tls_path" :
20 31
         ensure  => directory,
@@ -50,10 +61,21 @@ class tls::controller(
50 61
     httpd_service   =>  $tls::params::httpd_service_name
51 62
   }->
52 63
   class { 'tls::horizon::horizon':
53
-    bind_address   =>  $bind_address,
64
+    bind_address          =>  $bind_address,
54 65
     controllers           =>  $controllers,
55 66
     public_virtual_ip     =>  $public_virtual_ip,
56 67
     internal_virtual_ip   =>  $internal_virtual_ip,
68
+    servername            => $servername,
69
+    horizon_hash          => $horizon_hash,
70
+    cache_server_ip       => $cache_server_ip,
71
+    cache_server_port     => $cache_server_port,
72
+    neutron               => $neutron,
73
+    keystone_host         => $keystone_host,
74
+    verbose               => $verbose,
75
+    debug                 => $debug,
76
+    package_ensure        => $package_ensure,
77
+    use_syslog            => $use_syslog,
78
+    nova_quota            => $nova_quota,
57 79
   }->  
58 80
   exec { "ha_proxy_restart":
59 81
     command => "/usr/sbin/crm resource restart p_haproxy",

+ 23
- 14
deployment_scripts/puppet/modules/tls/manifests/horizon/horizon.pp View File

@@ -3,35 +3,35 @@ class tls::horizon::horizon(
3 3
   $controllers,
4 4
   $public_virtual_ip,
5 5
   $internal_virtual_ip,
6
+  $servername,
7
+  $horizon_hash,
8
+  $cache_server_ip,
9
+  $cache_server_port,
10
+  $neutron,
11
+  $keystone_host,
12
+  $verbose,
13
+  $debug,
14
+  $package_ensure,
15
+  $use_syslog,
16
+  $nova_quota  
6 17
 ) {
7 18
   include tls::params
8 19
   $ssl_port                       = 443
9
-  $horizon_hash                   = hiera_hash('horizon',{})
10 20
   $root_url                       = $tls::params::root_url
11 21
   $horizon_cert                   = $tls::params::tls_cert_file
12 22
   $horizon_key                    = $tls::params::tls_key_file
13 23
   $horizon_ca                     = $tls::params::tls_ca_file
14 24
   $controller_internal_addresses  = nodes_to_hash($controllers,'name','internal_address')
15 25
   $controller_nodes               = ipsort(values($controller_internal_addresses))
16
-  $cache_server_ip                = hiera('memcache_servers', $controller_nodes)
17
-  $cache_server_port              = hiera('memcache_server_port', '11211')
18 26
   $swift                          = false
19
-  $neutron                        = hiera('use_neutron')
20 27
   $horizon_app_links              = undef
21
-  $keystone_host                  = hiera('management_vip')
22 28
   $keystone_scheme                = 'http'
23 29
   $keystone_default_role          = '_member_'
24
-  $verbose                        = hiera('verbose', true)
25
-  $debug                          = hiera('debug')
26 30
   $api_result_limit               = 1000
27
-  $package_ensure                 = hiera('horizon_package_ensure', 'installed')
28 31
   $use_ssl                        = true
29
-  $use_syslog                     = hiera('use_syslog', true)
30 32
   $log_level                      = 'WARNING'
31
-  $nova_quota                     = hiera('nova_quota')
32 33
   $local_settings_template        = 'openstack/horizon/local_settings.py.erb'
33 34
   $django_session_engine          = 'django.contrib.sessions.backends.cache'
34
-  $servername                     = hiera('public_vip')
35 35
   $cache_backend                  = 'horizon.backends.memcached.HorizonMemcached'
36 36
   $cache_options                  = ["'SOCKET_TIMEOUT': 1","'SERVER_RETRIES': 1","'DEAD_RETRY': 1"]
37 37
   
@@ -128,15 +128,24 @@ class tls::horizon::horizon(
128 128
     horizon_ca             => $horizon_ca
129 129
   }
130 130
 
131
+  # Performance optimization for wsgi
132
+  if ($::memorysize_mb < 1200 or $::processorcount <= 3) {
133
+    $wsgi_processes = 2
134
+    $wsgi_threads = 9
135
+  } else {
136
+    $wsgi_processes = $::processorcount
137
+    $wsgi_threads = 15
138
+  }
139
+
131 140
   class { '::horizon::wsgi::apache':
132 141
     priority       => false,
133 142
     servername     => $public_virtual_ip,
134 143
     bind_address   => $bind_address,
135 144
     wsgi_processes => $wsgi_processes,
136 145
     wsgi_threads   => $wsgi_threads,
137
-    horizon_cert           => $horizon_cert ,
138
-    horizon_key            => $horizon_key,
139
-    horizon_ca            => $horizon_ca,
146
+    horizon_cert   => $horizon_cert ,
147
+    horizon_key    => $horizon_key,
148
+    horizon_ca     => $horizon_ca,
140 149
     listen_ssl     => $use_ssl,
141 150
     extra_params      => {
142 151
       default_vhost   => true,

+ 2
- 8
deployment_scripts/puppet/modules/tls/manifests/params.pp View File

@@ -9,10 +9,7 @@ class tls::params {
9 9
     $tls_cert_file			    = '/etc/apache2/TLS/horizon.crt'
10 10
     $tls_key_file			      = '/etc/apache2/TLS/horizon.key'
11 11
     $tls_ca_file            = '/etc/apache2/TLS/horizon.ca'
12
-    $root_url               = '/horizon'	
13
-    $apache_conf_file 		  = '/etc/apache2/conf-available/openstack-dashboard.conf'
14
-    $apache_vhost_file      = '/etc/apache2/sites-available/openstack-dashboard.conf'
15
-    $apache_port_file		    = '/etc/apache2/ports.conf'	
12
+    $root_url               = '/horizon'
16 13
   } elsif($::osfamily == 'RedHat') {
17 14
     $httpd_service_name 	  = 'httpd'
18 15
     $horizon_settings_file 	= '/etc/openstack-dashboard/local_settings'
@@ -23,10 +20,7 @@ class tls::params {
23 20
     $tls_cert_file			    = '/etc/httpd/TLS/horizon.crt'
24 21
     $tls_key_file			      = '/etc/httpd/TLS/horizon.key'
25 22
     $tls_ca_file            = '/etc/httpd/TLS/horizon.ca'
26
-    $root_url               = '/dashboard'	
27
-    $apache_conf_file 		  = '/etc/httpd/conf.d/openstack-dashboard.conf'
28
-    $apache_vhost_file      = '/etc/httpd/conf.d/ssl.conf'
29
-    $apache_port_file		    = '/etc/httpd/conf.d/ports.conf'	
23
+    $root_url               = '/dashboard'
30 24
   } else {
31 25
     fail("unsupported family ${::osfamily}")
32 26
   }

Loading…
Cancel
Save