remove hiera call from modules
Change-Id: I643c0ee1eca02b1a3c5c122e39d685396c64712e
parent
a68502c8c3
commit
61faeb0e3a
10
README.md
10
README.md
|
@ -35,7 +35,7 @@ Installation Guide
|
||||||
Https plugin installation
|
Https plugin installation
|
||||||
----------------------------
|
----------------------------
|
||||||
|
|
||||||
1. Clone the fuel-plugin repo from: https://github.com/stackforge/fuel-plugin-tls.git
|
1. Clone the Fuel-plugin repo from: https://github.com/stackforge/fuel-plugin-tls.git
|
||||||
|
|
||||||
``git clone``
|
``git clone``
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ Https plugin installation
|
||||||
|
|
||||||
6. Install the tls plugin:
|
6. Install the tls plugin:
|
||||||
|
|
||||||
``fuel plugins --install tls-<x.x.x>.rpm``
|
``Fuel plugins --install tls-<x.x.x>.rpm``
|
||||||
|
|
||||||
6. Plugin is ready to use and can be enabled on the Settings tab of the Fuel web UI.
|
6. Plugin is ready to use and can be enabled on the Settings tab of the Fuel web UI.
|
||||||
|
|
||||||
|
@ -78,8 +78,8 @@ https plugin configuration
|
||||||
- the certificate .key content
|
- the certificate .key content
|
||||||
|
|
||||||
|
|
||||||
You must pass your .crt, .key, .ca files via fuel UI (settings tab)
|
You must pass your .crt, .key, .ca files via Fuel UI (settings tab)
|
||||||
When you pass the content of the files in fuel ui, some "space" characters will appear, don't care about this puppet will remove it.
|
When you pass the content of the files in Fuel ui, some "space" characters will appear, don't care about this puppet will remove it.
|
||||||
|
|
||||||
CRT file must be in the following format :
|
CRT file must be in the following format :
|
||||||
|
|
||||||
|
@ -136,7 +136,7 @@ X43ceACVpWiv5DmBtEUrB8dbwxEJFaoPGqEswwdh1FDxzfsPdapyqGI5B8zRjnpa
|
||||||
SR2QEYok/8lZeDgUOhXkGg==
|
SR2QEYok/8lZeDgUOhXkGg==
|
||||||
-----END PRIVATE KEY-----
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
CA file must be in the following format :
|
CA file must be in the following format :
|
||||||
|
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIDXTCCAkWgAwIBAgIJAJHydV1v41XIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
|
MIIDXTCCAkWgAwIBAgIJAJHydV1v41XIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
|
||||||
|
|
|
@ -1,19 +1,47 @@
|
||||||
$tls_hash = hiera('tls')
|
$tls_hash = hiera('tls')
|
||||||
$horizon_crt = $tls_hash['horizon_crt']
|
$horizon_crt = $tls_hash['horizon_crt']
|
||||||
$horizon_key = $tls_hash['horizon_key']
|
$horizon_key = $tls_hash['horizon_key']
|
||||||
$horizon_ca = $tls_hash['horizon_ca']
|
$horizon_ca = $tls_hash['horizon_ca']
|
||||||
$nodes_hash = hiera('nodes')
|
|
||||||
$controllers = hiera('controllers')
|
#do not use hiera for node parameters (see bug 1476957)
|
||||||
$public_virtual_ip = hiera('public_vip')
|
$fuel_settings = parseyaml(file('/etc/astute.yaml'))
|
||||||
$internal_virtual_ip = hiera('management_vip')
|
$nodes_hash = $::fuel_settings['nodes']
|
||||||
|
$controllers = concat(filter_nodes($nodes_hash,'role','primary-controller'), filter_nodes($nodes_hash,'role','controller'))
|
||||||
|
$public_virtual_ip = $::fuel_settings['public_vip']
|
||||||
|
$internal_virtual_ip = $::fuel_settings['management_vip']
|
||||||
|
|
||||||
|
$servername = hiera('public_vip')
|
||||||
|
$horizon_hash = hiera_hash('horizon',{})
|
||||||
|
$cache_server_ip = hiera('memcache_servers', $controller_nodes)
|
||||||
|
$cache_server_port = hiera('memcache_server_port', '11211')
|
||||||
|
$neutron = hiera('use_neutron')
|
||||||
|
$keystone_host = hiera('management_vip')
|
||||||
|
$verbose = hiera('verbose', true)
|
||||||
|
$debug = hiera('debug')
|
||||||
|
$package_ensure = hiera('horizon_package_ensure', 'installed')
|
||||||
|
$use_syslog = hiera('use_syslog', true)
|
||||||
|
$nova_quota = hiera('nova_quota')
|
||||||
|
|
||||||
class { 'tls::controller':
|
class { 'tls::controller':
|
||||||
controllers => $controllers,
|
controllers => $controllers,
|
||||||
public_virtual_ip => $public_virtual_ip,
|
public_virtual_ip => $public_virtual_ip,
|
||||||
internal_virtual_ip => $internal_virtual_ip,
|
internal_virtual_ip => $internal_virtual_ip,
|
||||||
horizon_crt => $horizon_crt,
|
horizon_crt => $horizon_crt,
|
||||||
horizon_key => $horizon_key,
|
horizon_key => $horizon_key,
|
||||||
horizon_ca => $horizon_ca,
|
horizon_ca => $horizon_ca,
|
||||||
external_ip => $public_virtual_ip
|
external_ip => $public_virtual_ip,
|
||||||
|
nodes_hash => $nodes_hash,
|
||||||
|
servername => $servername,
|
||||||
|
horizon_hash => $horizon_hash,
|
||||||
|
cache_server_ip => $cache_server_ip,
|
||||||
|
cache_server_port => $cache_server_port,
|
||||||
|
neutron => $neutron,
|
||||||
|
keystone_host => $keystone_host,
|
||||||
|
verbose => $verbose,
|
||||||
|
debug => $debug,
|
||||||
|
package_ensure => $package_ensure,
|
||||||
|
use_syslog => $use_syslog,
|
||||||
|
nova_quota => $nova_quota
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
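Review bot: `$cache_server_ip = hiera('memcache_servers', $controller_nodes)` uses `$controller_nodes` as its fallback, but nothing visible in this manifest defines that variable; on this page it is only computed inside `tls::horizon::horizon`, where the same commit leaves it unused. When `memcache_servers` is absent from hiera the lookup therefore has no usable default, so Horizon's session cache presumably gets no server list or the lookup fails outright. Define the fallback here before the lookup, `$controller_nodes = ipsort(values(nodes_to_hash($controllers,'name','internal_address')))`, and drop the leftover computation in the class. Separately, `$servername` and `$keystone_host` still read `public_vip` and `management_vip` through hiera, directly below the comment that says not to.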
|
@ -1,9 +1,14 @@
|
||||||
$tls_hash = hiera('tls')
|
$tls_hash = hiera('tls')
|
||||||
$horizon_crt = $tls_hash['horizon_crt']
|
$horizon_crt = $tls_hash['horizon_crt']
|
||||||
$horizon_key = $tls_hash['horizon_key']
|
$horizon_key = $tls_hash['horizon_key']
|
||||||
$nodes_hash = hiera('nodes')
|
$nodes_hash = hiera('nodes')
|
||||||
$public_ip = hiera('public_vip')
|
$public_ip = hiera('public_vip')
|
||||||
$internal_ip = hiera('management_vip')
|
$internal_ip = hiera('management_vip')
|
||||||
|
|
||||||
|
#do not use hiera for node parameters (see bug 1476957)
|
||||||
|
$fuel_settings = parseyaml(file('/etc/astute.yaml'))
|
||||||
|
$public_virtual_ip = $::fuel_settings['public_vip']
|
||||||
|
$internal_virtual_ip = $::fuel_settings['management_vip']
|
||||||
|
|
||||||
class { 'tls::compute':
|
class { 'tls::compute':
|
||||||
public_virtual_ip => $public_ip,
|
public_virtual_ip => $public_ip,
|
||||||
|
|
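Review bot: The added `$public_virtual_ip` and `$internal_virtual_ip` are not used by the visible part of the `tls::compute` declaration, which still passes `public_virtual_ip => $public_ip`, and `$nodes_hash`, `$public_ip` and `$internal_ip` are still read through hiera. As shown, the manifest parses `/etc/astute.yaml` but keeps consuming the hiera values the new comment warns against. Either pass the new variable, `public_virtual_ip => $public_virtual_ip,`, and remove the three hiera lookups, or drop the added lines. The class declaration continues past the end of the hunk, so its remaining parameters could not be checked.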
|
@ -5,16 +5,27 @@ class tls::controller(
|
||||||
$horizon_crt,
|
$horizon_crt,
|
||||||
$horizon_key,
|
$horizon_key,
|
||||||
$horizon_ca,
|
$horizon_ca,
|
||||||
$external_ip
|
$external_ip,
|
||||||
|
$nodes_hash,
|
||||||
|
$servername,
|
||||||
|
$horizon_hash,
|
||||||
|
$cache_server_ip,
|
||||||
|
$cache_server_port,
|
||||||
|
$neutron,
|
||||||
|
$keystone_host,
|
||||||
|
$verbose,
|
||||||
|
$debug,
|
||||||
|
$package_ensure,
|
||||||
|
$use_syslog,
|
||||||
|
$nova_quota
|
||||||
) {
|
) {
|
||||||
$nodes_hash = hiera('nodes')
|
|
||||||
$node = filter_nodes($nodes_hash,'name',$::hostname)
|
$node = filter_nodes($nodes_hash,'name',$::hostname)
|
||||||
$internal_address = $node[0]['internal_address']
|
$internal_address = $node[0]['internal_address']
|
||||||
$bind_address = $internal_address
|
$bind_address = $internal_address
|
||||||
$server_hostname = $external_ip
|
$server_hostname = $external_ip
|
||||||
include tls::params
|
include tls::params
|
||||||
$apache_tls_path = $tls::params::apache_tls_path
|
$apache_tls_path = $tls::params::apache_tls_path
|
||||||
|
|
||||||
#format crt and key files
|
#format crt and key files
|
||||||
file { "$apache_tls_path" :
|
file { "$apache_tls_path" :
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
|
@ -50,10 +61,21 @@ class tls::controller(
|
||||||
httpd_service => $tls::params::httpd_service_name
|
httpd_service => $tls::params::httpd_service_name
|
||||||
}->
|
}->
|
||||||
class { 'tls::horizon::horizon':
|
class { 'tls::horizon::horizon':
|
||||||
bind_address => $bind_address,
|
bind_address => $bind_address,
|
||||||
controllers => $controllers,
|
controllers => $controllers,
|
||||||
public_virtual_ip => $public_virtual_ip,
|
public_virtual_ip => $public_virtual_ip,
|
||||||
internal_virtual_ip => $internal_virtual_ip,
|
internal_virtual_ip => $internal_virtual_ip,
|
||||||
|
servername => $servername,
|
||||||
|
horizon_hash => $horizon_hash,
|
||||||
|
cache_server_ip => $cache_server_ip,
|
||||||
|
cache_server_port => $cache_server_port,
|
||||||
|
neutron => $neutron,
|
||||||
|
keystone_host => $keystone_host,
|
||||||
|
verbose => $verbose,
|
||||||
|
debug => $debug,
|
||||||
|
package_ensure => $package_ensure,
|
||||||
|
use_syslog => $use_syslog,
|
||||||
|
nova_quota => $nova_quota,
|
||||||
}->
|
}->
|
||||||
exec { "ha_proxy_restart":
|
exec { "ha_proxy_restart":
|
||||||
command => "/usr/sbin/crm resource restart p_haproxy",
|
command => "/usr/sbin/crm resource restart p_haproxy",
|
||||||
|
|
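Review bot: `$nodes_hash` is now supplied by the caller, yet `$node[0]['internal_address']` is still dereferenced without checking that `filter_nodes` matched this host. If no entry matches `$::hostname`, `$bind_address` presumably ends up undefined and the address the Horizon vhost listens on is then decided downstream, so it is worth failing early for the TLS endpoint. A guard such as `if empty($node) { fail("no entry for ${::hostname} in nodes_hash") }` after the `filter_nodes` call would make that explicit. The twelve new parameters are also undocumented and have no defaults; a short `# == Parameters` header on the class would help. The class body continues outside both hunks.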
|
@ -3,35 +3,35 @@ class tls::horizon::horizon(
|
||||||
$controllers,
|
$controllers,
|
||||||
$public_virtual_ip,
|
$public_virtual_ip,
|
||||||
$internal_virtual_ip,
|
$internal_virtual_ip,
|
||||||
|
$servername,
|
||||||
|
$horizon_hash,
|
||||||
|
$cache_server_ip,
|
||||||
|
$cache_server_port,
|
||||||
|
$neutron,
|
||||||
|
$keystone_host,
|
||||||
|
$verbose,
|
||||||
|
$debug,
|
||||||
|
$package_ensure,
|
||||||
|
$use_syslog,
|
||||||
|
$nova_quota
|
||||||
) {
|
) {
|
||||||
include tls::params
|
include tls::params
|
||||||
$ssl_port = 443
|
$ssl_port = 443
|
||||||
$horizon_hash = hiera_hash('horizon',{})
|
|
||||||
$root_url = $tls::params::root_url
|
$root_url = $tls::params::root_url
|
||||||
$horizon_cert = $tls::params::tls_cert_file
|
$horizon_cert = $tls::params::tls_cert_file
|
||||||
$horizon_key = $tls::params::tls_key_file
|
$horizon_key = $tls::params::tls_key_file
|
||||||
$horizon_ca = $tls::params::tls_ca_file
|
$horizon_ca = $tls::params::tls_ca_file
|
||||||
$controller_internal_addresses = nodes_to_hash($controllers,'name','internal_address')
|
$controller_internal_addresses = nodes_to_hash($controllers,'name','internal_address')
|
||||||
$controller_nodes = ipsort(values($controller_internal_addresses))
|
$controller_nodes = ipsort(values($controller_internal_addresses))
|
||||||
$cache_server_ip = hiera('memcache_servers', $controller_nodes)
|
|
||||||
$cache_server_port = hiera('memcache_server_port', '11211')
|
|
||||||
$swift = false
|
$swift = false
|
||||||
$neutron = hiera('use_neutron')
|
|
||||||
$horizon_app_links = undef
|
$horizon_app_links = undef
|
||||||
$keystone_host = hiera('management_vip')
|
|
||||||
$keystone_scheme = 'http'
|
$keystone_scheme = 'http'
|
||||||
$keystone_default_role = '_member_'
|
$keystone_default_role = '_member_'
|
||||||
$verbose = hiera('verbose', true)
|
|
||||||
$debug = hiera('debug')
|
|
||||||
$api_result_limit = 1000
|
$api_result_limit = 1000
|
||||||
$package_ensure = hiera('horizon_package_ensure', 'installed')
|
|
||||||
$use_ssl = true
|
$use_ssl = true
|
||||||
$use_syslog = hiera('use_syslog', true)
|
|
||||||
$log_level = 'WARNING'
|
$log_level = 'WARNING'
|
||||||
$nova_quota = hiera('nova_quota')
|
|
||||||
$local_settings_template = 'openstack/horizon/local_settings.py.erb'
|
$local_settings_template = 'openstack/horizon/local_settings.py.erb'
|
||||||
$django_session_engine = 'django.contrib.sessions.backends.cache'
|
$django_session_engine = 'django.contrib.sessions.backends.cache'
|
||||||
$servername = hiera('public_vip')
|
|
||||||
$cache_backend = 'horizon.backends.memcached.HorizonMemcached'
|
$cache_backend = 'horizon.backends.memcached.HorizonMemcached'
|
||||||
$cache_options = ["'SOCKET_TIMEOUT': 1","'SERVER_RETRIES': 1","'DEAD_RETRY': 1"]
|
$cache_options = ["'SOCKET_TIMEOUT': 1","'SERVER_RETRIES': 1","'DEAD_RETRY': 1"]
|
||||||
|
|
||||||
|
@ -128,15 +128,24 @@ class tls::horizon::horizon(
|
||||||
horizon_ca => $horizon_ca
|
horizon_ca => $horizon_ca
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Performance optimization for wsgi
|
||||||
|
if ($::memorysize_mb < 1200 or $::processorcount <= 3) {
|
||||||
|
$wsgi_processes = 2
|
||||||
|
$wsgi_threads = 9
|
||||||
|
} else {
|
||||||
|
$wsgi_processes = $::processorcount
|
||||||
|
$wsgi_threads = 15
|
||||||
|
}
|
||||||
|
|
||||||
class { '::horizon::wsgi::apache':
|
class { '::horizon::wsgi::apache':
|
||||||
priority => false,
|
priority => false,
|
||||||
servername => $public_virtual_ip,
|
servername => $public_virtual_ip,
|
||||||
bind_address => $bind_address,
|
bind_address => $bind_address,
|
||||||
wsgi_processes => $wsgi_processes,
|
wsgi_processes => $wsgi_processes,
|
||||||
wsgi_threads => $wsgi_threads,
|
wsgi_threads => $wsgi_threads,
|
||||||
horizon_cert => $horizon_cert ,
|
horizon_cert => $horizon_cert ,
|
||||||
horizon_key => $horizon_key,
|
horizon_key => $horizon_key,
|
||||||
horizon_ca => $horizon_ca,
|
horizon_ca => $horizon_ca,
|
||||||
listen_ssl => $use_ssl,
|
listen_ssl => $use_ssl,
|
||||||
extra_params => {
|
extra_params => {
|
||||||
default_vhost => true,
|
default_vhost => true,
|
||||||
|
|
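Review bot: In the added WSGI block, `$wsgi_processes = $::processorcount` has no upper bound, so on a large controller Apache would start one Horizon process per core with 15 threads each. Consider capping it, e.g. `$wsgi_processes = min($::processorcount, <max_processes>)`, with the limit chosen for the deployment. The condition also compares the `memorysize_mb` and `processorcount` facts with numbers; facts are often delivered as strings, so whether this compares numerically depends on the Puppet version and fact settings and should be confirmed. The class body continues outside the hunk.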
|
@ -9,10 +9,7 @@ class tls::params {
|
||||||
$tls_cert_file = '/etc/apache2/TLS/horizon.crt'
|
$tls_cert_file = '/etc/apache2/TLS/horizon.crt'
|
||||||
$tls_key_file = '/etc/apache2/TLS/horizon.key'
|
$tls_key_file = '/etc/apache2/TLS/horizon.key'
|
||||||
$tls_ca_file = '/etc/apache2/TLS/horizon.ca'
|
$tls_ca_file = '/etc/apache2/TLS/horizon.ca'
|
||||||
$root_url = '/horizon'
|
$root_url = '/horizon'
|
||||||
$apache_conf_file = '/etc/apache2/conf-available/openstack-dashboard.conf'
|
|
||||||
$apache_vhost_file = '/etc/apache2/sites-available/openstack-dashboard.conf'
|
|
||||||
$apache_port_file = '/etc/apache2/ports.conf'
|
|
||||||
} elsif($::osfamily == 'RedHat') {
|
} elsif($::osfamily == 'RedHat') {
|
||||||
$httpd_service_name = 'httpd'
|
$httpd_service_name = 'httpd'
|
||||||
$horizon_settings_file = '/etc/openstack-dashboard/local_settings'
|
$horizon_settings_file = '/etc/openstack-dashboard/local_settings'
|
||||||
|
@ -23,10 +20,7 @@ class tls::params {
|
||||||
$tls_cert_file = '/etc/httpd/TLS/horizon.crt'
|
$tls_cert_file = '/etc/httpd/TLS/horizon.crt'
|
||||||
$tls_key_file = '/etc/httpd/TLS/horizon.key'
|
$tls_key_file = '/etc/httpd/TLS/horizon.key'
|
||||||
$tls_ca_file = '/etc/httpd/TLS/horizon.ca'
|
$tls_ca_file = '/etc/httpd/TLS/horizon.ca'
|
||||||
$root_url = '/dashboard'
|
$root_url = '/dashboard'
|
||||||
$apache_conf_file = '/etc/httpd/conf.d/openstack-dashboard.conf'
|
|
||||||
$apache_vhost_file = '/etc/httpd/conf.d/ssl.conf'
|
|
||||||
$apache_port_file = '/etc/httpd/conf.d/ports.conf'
|
|
||||||
} else {
|
} else {
|
||||||
fail("unsupported family ${::osfamily}")
|
fail("unsupported family ${::osfamily}")
|
||||||
}
|
}
|
||||||
|
|