x/packstack
Code Issues Proposed changes

Adds Hiera implementation within Packstack

Browse Source 
Packstack configures Hiera as data backend. Packstack puppet templates are now
using hiera() and hiera_array() functions to fetch data from hiera backend.

Packstack generates a defaults.yaml file in the /var/tmp/packstack directory.

Firewall rules for each openstack components are inserted into the hiera
backend as hash and created by the create_resources function.

Change-Id: Iab553a71264b0fc0f26d33a6304b545ad302f664
Fixes: rhbz#1145223
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
This commit is contained in:
Gael Chamoulaud
2014-10-06 11:37:22 +02:00
committed by Lukas Bezdicka
parent a0454d82fa
commit 219cf98b4f
132 changed files with 1706 additions and 1376 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packstack/installer/basedefs.py
View File

@@ -43,6 +43,8 @@ VAR_DIR = tempfile.mkdtemp(prefix=_tmpdirprefix, dir=PACKSTACK_VAR_DIR)
DIR_LOG = VAR_DIR DIR_LOG = VAR_DIR
PUPPET_MANIFEST_RELATIVE = "manifests" PUPPET_MANIFEST_RELATIVE = "manifests"
PUPPET_MANIFEST_DIR = os.path.join(VAR_DIR, PUPPET_MANIFEST_RELATIVE) PUPPET_MANIFEST_DIR = os.path.join(VAR_DIR, PUPPET_MANIFEST_RELATIVE)
HIERADATA_FILE_RELATIVE = "hieradata"
HIERADATA_DIR = os.path.join(VAR_DIR, HIERADATA_FILE_RELATIVE)
FILE_INSTALLER_LOG = "setup.log" FILE_INSTALLER_LOG = "setup.log"

15
packstack/modules/ospluginutils.py
View File

@@ -2,6 +2,7 @@
import logging import logging
import os import os
import re import re
import yaml
from packstack.installer import basedefs from packstack.installer import basedefs
from packstack.installer.setup_controller import Controller from packstack.installer.setup_controller import Controller
@@ -11,6 +12,7 @@ controller = Controller()
PUPPET_DIR = os.path.join(basedefs.DIR_PROJECT_DIR, "puppet") PUPPET_DIR = os.path.join(basedefs.DIR_PROJECT_DIR, "puppet")
PUPPET_TEMPLATE_DIR = os.path.join(PUPPET_DIR, "templates") PUPPET_TEMPLATE_DIR = os.path.join(PUPPET_DIR, "templates")
HIERA_DEFAULTS_YAML = os.path.join(basedefs.HIERADATA_DIR, "defaults.yaml")
class NovaConfig(object): class NovaConfig(object):
@@ -80,6 +82,19 @@ def appendManifestFile(manifest_name, data, marker=''):
manifestfiles.addFile(manifest_name, marker, data) manifestfiles.addFile(manifest_name, marker, data)
def generateHieraDataFile():
os.mkdir(basedefs.HIERADATA_DIR, 0700)
with open(HIERA_DEFAULTS_YAML, 'w') as outfile:
outfile.write(yaml.dump(controller.CONF,
explicit_start=True,
default_flow_style=False))
def createFirewallResources(hiera_key, default_value='{}'):
hiera_function = "hiera('%s', %s)" % (hiera_key, default_value)
return "create_resources(packstack::firewall, %s)\n\n" % hiera_function
def gethostlist(CONF): def gethostlist(CONF):
hosts = [] hosts = []
for key, value in CONF.items(): for key, value in CONF.items():

30
packstack/plugins/amqp_002.py
View File

@@ -15,7 +15,8 @@ from packstack.installer import utils
from packstack.modules.common import filtered_hosts from packstack.modules.common import filtered_hosts
from packstack.modules.ospluginutils import (getManifestTemplate, from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile) appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------ #------------------ oVirt installer initialization ------------------
@@ -219,7 +220,7 @@ def initSequences(controller):
def create_manifest(config, messages): def create_manifest(config, messages):
server = utils.ScriptRunner(config['CONFIG_AMQP_HOST']) server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
config['CONFIG_AMQP_ENABLE_SSL'] = 'true' config['CONFIG_AMQP_ENABLE_SSL'] = True
config['CONFIG_AMQP_PROTOCOL'] = 'ssl' config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
config['CONFIG_AMQP_CLIENTS_PORT'] = "5671" config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
if config['CONFIG_AMQP_SSL_SELF_SIGNED'] == 'y': if config['CONFIG_AMQP_SSL_SELF_SIGNED'] == 'y':
@@ -234,10 +235,10 @@ def create_manifest(config, messages):
# Set default values # Set default values
config['CONFIG_AMQP_CLIENTS_PORT'] = "5672" config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
config['CONFIG_AMQP_SSL_PORT'] = "5671" config['CONFIG_AMQP_SSL_PORT'] = "5671"
config['CONFIG_AMQP_SSL_CERT_FILE'] = "" config['CONFIG_AMQP_SSL_CERT_FILE'] = ''
config['CONFIG_AMQP_SSL_KEY_FILE'] = "" config['CONFIG_AMQP_SSL_KEY_FILE'] = ''
config['CONFIG_AMQP_NSS_CERTDB_PW'] = "" config['CONFIG_AMQP_NSS_CERTDB_PW'] = ''
config['CONFIG_AMQP_ENABLE_SSL'] = 'false' config['CONFIG_AMQP_ENABLE_SSL'] = False
config['CONFIG_AMQP_PROTOCOL'] = 'tcp' config['CONFIG_AMQP_PROTOCOL'] = 'tcp'
if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n': if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
@@ -247,14 +248,17 @@ def create_manifest(config, messages):
manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST'] manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
manifestdata = getManifestTemplate('amqp.pp') manifestdata = getManifestTemplate('amqp.pp')
fw_details = dict()
# All hosts should be able to talk to amqp # All hosts should be able to talk to amqp
config['FIREWALL_SERVICE_NAME'] = "amqp"
config['FIREWALL_PORTS'] = "['5671', '5672']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in filtered_hosts(config, exclude=False): for host in filtered_hosts(config, exclude=False):
config['FIREWALL_ALLOWED'] = "'%s'" % host key = "amqp_%s" % host
config['FIREWALL_SERVICE_ID'] = "amqp_%s" % host fw_details.setdefault(key, {})
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['host'] = "%s" % host
fw_details[key]['service_name'] = "amqp"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5671', '5672']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_AMQP_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre') appendManifestFile(manifestfile, manifestdata, 'pre')

38
packstack/plugins/ceilometer_800.py
View File

@@ -13,7 +13,8 @@ from packstack.installer import validators
from packstack.installer import processors from packstack.installer import processors
from packstack.modules.shortcuts import get_mq from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (getManifestTemplate, from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile) appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------ #------------------ oVirt installer initialization ------------------
@@ -112,13 +113,17 @@ def create_manifest(config, messages):
manifestdata = getManifestTemplate(get_mq(config, "ceilometer")) manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
manifestdata += getManifestTemplate("ceilometer.pp") manifestdata += getManifestTemplate("ceilometer.pp")
config['FIREWALL_ALLOWED'] = "'ALL'" fw_details = dict()
config['FIREWALL_SERVICE_NAME'] = 'ceilometer-api' key = "ceilometer_api"
config['FIREWALL_SERVICE_ID'] = 'ceilometer_api' fw_details.setdefault(key, {})
config['FIREWALL_PORTS'] = "'8777'" fw_details[key]['host'] = "ALL"
config['FIREWALL_CHAIN'] = "INPUT" fw_details[key]['service_name'] = "ceilometer-api"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details[key]['chain'] = "INPUT"
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['ports'] = ['8777']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CEILOMETER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')
# Add a template that creates a group for nova because the ceilometer # Add a template that creates a group for nova because the ceilometer
# class needs it # class needs it
if config['CONFIG_NOVA_INSTALL'] == 'n': if config['CONFIG_NOVA_INSTALL'] == 'n':
@@ -129,11 +134,18 @@ def create_manifest(config, messages):
def create_mongodb_manifest(config, messages): def create_mongodb_manifest(config, messages):
manifestfile = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST'] manifestfile = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST']
manifestdata = getManifestTemplate("mongodb.pp") manifestdata = getManifestTemplate("mongodb.pp")
config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST']
config['FIREWALL_SERVICE_NAME'] = 'mongodb-server' fw_details = dict()
config['FIREWALL_PORTS'] = "'27017'" key = "mongodb_server"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details.setdefault(key, {})
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
fw_details[key]['service_name'] = "mongodb-server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['27017']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_MONGODB_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_MONGODB_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre') appendManifestFile(manifestfile, manifestdata, 'pre')

72
packstack/plugins/cinder_250.py
View File

@@ -20,7 +20,8 @@ from packstack.installer import utils
from packstack.modules.shortcuts import get_mq from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (getManifestTemplate, from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile) appendManifestFile,
createFirewallResources)
from packstack.installer import exceptions from packstack.installer import exceptions
from packstack.installer import output_messages from packstack.installer import output_messages
@@ -125,10 +126,10 @@ def initConfig(controller):
"domain:/vol-name "), "domain:/vol-name "),
"PROMPT": ("Enter a single or comma separated list of gluster " "PROMPT": ("Enter a single or comma separated list of gluster "
"volume shares to use with Cinder"), "volume shares to use with Cinder"),
"OPTION_LIST": ["^'([\d]{1,3}\.){3}[\d]{1,3}:/.*'", "OPTION_LIST": ["^([\d]{1,3}\.){3}[\d]{1,3}:/.*",
"^'[a-zA-Z0-9][\-\.\w]*:/.*'"], "^[a-zA-Z0-9][\-\.\w]*:/.*"],
"VALIDATORS": [validators.validate_multi_regexp], "VALIDATORS": [validators.validate_multi_regexp],
"PROCESSORS": [processors.process_add_quotes_around_values], "PROCESSORS": [],
"DEFAULT_VALUE": "", "DEFAULT_VALUE": "",
"MASK_INPUT": False, "MASK_INPUT": False,
"LOOSE_VALIDATION": True, "LOOSE_VALIDATION": True,
@@ -144,9 +145,9 @@ def initConfig(controller):
"mount, eg: ip-address:/export-name "), "mount, eg: ip-address:/export-name "),
"PROMPT": ("Enter a single or comma seprated list of NFS exports " "PROMPT": ("Enter a single or comma seprated list of NFS exports "
"to use with Cinder"), "to use with Cinder"),
"OPTION_LIST": ["^'([\d]{1,3}\.){3}[\d]{1,3}:/.*'"], "OPTION_LIST": ["^([\d]{1,3}\.){3}[\d]{1,3}:/.*"],
"VALIDATORS": [validators.validate_multi_regexp], "VALIDATORS": [validators.validate_multi_regexp],
"PROCESSORS": [processors.process_add_quotes_around_values], "PROCESSORS": [],
"DEFAULT_VALUE": "", "DEFAULT_VALUE": "",
"MASK_INPUT": False, "MASK_INPUT": False,
"LOOSE_VALIDATION": True, "LOOSE_VALIDATION": True,
@@ -592,10 +593,16 @@ def initSequences(controller):
if config['CONFIG_CINDER_INSTALL'] != 'y': if config['CONFIG_CINDER_INSTALL'] != 'y':
return return
config['CONFIG_CINDER_BACKEND'] = str( config['CONFIG_CINDER_BACKEND'] = (
[i.strip() for i in config['CONFIG_CINDER_BACKEND'].split(',') if i] [i.strip() for i in config['CONFIG_CINDER_BACKEND'].split(',') if i]
) )
for key in ('CONFIG_CINDER_NETAPP_VOLUME_LIST',
'CONFIG_CINDER_GLUSTER_MOUNTS',
'CONFIG_CINDER_NFS_MOUNTS'):
if key in config:
config[key] = [i.strip() for i in config[key].split(',') if i]
cinder_steps = [ cinder_steps = [
{'title': 'Adding Cinder Keystone manifest entries', {'title': 'Adding Cinder Keystone manifest entries',
'functions': [create_keystone_manifest]}, 'functions': [create_keystone_manifest]},
@@ -711,8 +718,7 @@ def create_manifest(config, messages):
manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST'] manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("cinder.pp") manifestdata += getManifestTemplate("cinder.pp")
backends = config['CONFIG_CINDER_BACKEND'].strip('[]') backends = config['CONFIG_CINDER_BACKEND']
backends = [i.strip('\' ') for i in backends.split(',')]
if 'netapp' in backends: if 'netapp' in backends:
backends.remove('netapp') backends.remove('netapp')
puppet_cdot_iscsi = "cinder_netapp_cdot_iscsi.pp" puppet_cdot_iscsi = "cinder_netapp_cdot_iscsi.pp"
@@ -740,24 +746,36 @@ def create_manifest(config, messages):
if config['CONFIG_SWIFT_INSTALL'] == 'y': if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup.pp') manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder" fw_details = dict()
config['FIREWALL_PORTS'] = "['3260']" for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
config['FIREWALL_CHAIN'] = "INPUT" if (config['CONFIG_NOVA_INSTALL'] == 'y' and
config['FIREWALL_PROTOCOL'] = 'tcp'
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
config['CONFIG_VMWARE_BACKEND'] == 'n'): config['CONFIG_VMWARE_BACKEND'] == 'n'):
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']): key = "cinder_%s" % host
config['FIREWALL_ALLOWED'] = "'%s'" % host fw_details.setdefault(key, {})
config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host fw_details[key]['host'] = "%s" % host
manifestdata += getManifestTemplate("firewall.pp") else:
else: key = "cinder_all"
config['FIREWALL_ALLOWED'] = "'ALL'" fw_details.setdefault(key, {})
config['FIREWALL_SERVICE_ID'] = "cinder_ALL" fw_details[key]['host'] = "ALL"
manifestdata += getManifestTemplate("firewall.pp")
fw_details[key]['service_name'] = "cinder"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['3260']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_RULES')
# cinder API should be open for everyone # cinder API should be open for everyone
config['FIREWALL_SERVICE_NAME'] = "cinder-api" fw_details = dict()
config['FIREWALL_ALLOWED'] = "'ALL'" key = "cinder_api"
config['FIREWALL_SERVICE_ID'] = "cinder_API" fw_details.setdefault(key, {})
config['FIREWALL_PORTS'] = "['8776']" fw_details[key]['host'] = "ALL"
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['service_name'] = "cinder-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8776']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_API_RULES')
appendManifestFile(manifestfile, manifestdata) appendManifestFile(manifestfile, manifestdata)

16
packstack/plugins/dashboard_500.py
View File

@@ -123,11 +123,11 @@ def create_manifest(config, messages):
manifestfile = "%s_horizon.pp" % horizon_host manifestfile = "%s_horizon.pp" % horizon_host
proto = "http" proto = "http"
config["CONFIG_HORIZON_PORT"] = "'80'" config["CONFIG_HORIZON_PORT"] = 80
sslmanifestdata = '' sslmanifestdata = ''
if config["CONFIG_HORIZON_SSL"] == 'y': if config["CONFIG_HORIZON_SSL"] == 'y':
config["CONFIG_HORIZON_SSL"] = 'true' config["CONFIG_HORIZON_SSL"] = True
config["CONFIG_HORIZON_PORT"] = "'443'" config["CONFIG_HORIZON_PORT"] = 443
proto = "https" proto = "https"
# Are we using the users cert/key files # Are we using the users cert/key files
@@ -160,16 +160,16 @@ def create_manifest(config, messages):
"/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert."
% (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host)) % (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host))
else: else:
config["CONFIG_HORIZON_SSL"] = 'false' config["CONFIG_HORIZON_SSL"] = False
config["CONFIG_HORIZON_NEUTRON_LB"] = 'false' config["CONFIG_HORIZON_NEUTRON_LB"] = False
config["CONFIG_HORIZON_NEUTRON_FW"] = 'false' config["CONFIG_HORIZON_NEUTRON_FW"] = False
if config['CONFIG_NEUTRON_INSTALL'] == 'y': if config['CONFIG_NEUTRON_INSTALL'] == 'y':
if config["CONFIG_LBAAS_INSTALL"] == 'y': if config["CONFIG_LBAAS_INSTALL"] == 'y':
config["CONFIG_HORIZON_NEUTRON_LB"] = 'true' config["CONFIG_HORIZON_NEUTRON_LB"] = True
if config["CONFIG_NEUTRON_FWAAS"] == 'y': if config["CONFIG_NEUTRON_FWAAS"] == 'y':
config["CONFIG_HORIZON_NEUTRON_FW"] = 'true' config["CONFIG_HORIZON_NEUTRON_FW"] = True
manifestdata = getManifestTemplate("horizon.pp") manifestdata = getManifestTemplate("horizon.pp")
appendManifestFile(manifestfile, manifestdata) appendManifestFile(manifestfile, manifestdata)

23
packstack/plugins/glance_200.py
View File

@@ -15,7 +15,8 @@ from packstack.installer.utils import split_hosts
from packstack.modules.shortcuts import get_mq from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (getManifestTemplate, from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile) appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------ #------------------ oVirt installer initialization ------------------
@@ -126,15 +127,15 @@ def create_manifest(config, messages):
mq_template = get_mq(config, "glance_ceilometer") mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template) manifestdata += getManifestTemplate(mq_template)
manifestdata += getManifestTemplate( fw_details = dict()
'glance_%s.pp' % config['CONFIG_GLANCE_BACKEND']) key = "glance_api"
fw_details.setdefault(key, {})
config['FIREWALL_SERVICE_NAME'] = "glance" fw_details[key]['host'] = "ALL"
config['FIREWALL_PORTS'] = "'9292'" fw_details[key]['service_name'] = "glance"
config['FIREWALL_CHAIN'] = "INPUT" fw_details[key]['chain'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details[key]['ports'] = ['9292']
config['FIREWALL_ALLOWED'] = "'ALL'" fw_details[key]['proto'] = "tcp"
config['FIREWALL_SERVICE_ID'] = "glance_API" config['FIREWALL_GLANCE_RULES'] = fw_details
manifestdata += getManifestTemplate("firewall.pp")
manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
appendManifestFile(manifestfile, manifestdata) appendManifestFile(manifestfile, manifestdata)

60
packstack/plugins/heat_750.py
View File

@@ -15,7 +15,8 @@ from packstack.installer import processors
from packstack.modules.shortcuts import get_mq from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (getManifestTemplate, from packstack.modules.ospluginutils import (getManifestTemplate,
manifestfiles, manifestfiles,
appendManifestFile) appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------ #------------------ oVirt installer initialization ------------------
@@ -193,13 +194,18 @@ def create_manifest(config, messages):
manifestdata += getManifestTemplate("heat.pp") manifestdata += getManifestTemplate("heat.pp")
if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y': if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
manifestdata += getManifestTemplate("heat_trusts.pp") manifestdata += getManifestTemplate("heat_trusts.pp")
config['FIREWALL_SERVICE_NAME'] = "heat"
config['FIREWALL_PORTS'] = "'8004'" fw_details = dict()
config['FIREWALL_CHAIN'] = "INPUT" key = "heat"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details.setdefault(key, {})
config['FIREWALL_ALLOWED'] = "'ALL'" fw_details[key]['host'] = "ALL"
config['FIREWALL_SERVICE_ID'] = "heat" fw_details[key]['service_name'] = "heat"
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8004']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_RULES')
appendManifestFile(manifestfile, manifestdata) appendManifestFile(manifestfile, manifestdata)
@@ -217,13 +223,18 @@ def create_cloudwatch_manifest(config, messages):
manifestfile = "%s_heatcw.pp" % config['CONFIG_CONTROLLER_HOST'] manifestfile = "%s_heatcw.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat")) manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cloudwatch.pp") manifestdata += getManifestTemplate("heat_cloudwatch.pp")
config['FIREWALL_SERVICE_NAME'] = "heat api cloudwatch"
config['FIREWALL_PORTS'] = "'8003'" fw_details = dict()
config['FIREWALL_CHAIN'] = "INPUT" key = "heat_api_cloudwatch"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details.setdefault(key, {})
config['FIREWALL_ALLOWED'] = "'ALL'" fw_details[key]['host'] = "ALL"
config['FIREWALL_SERVICE_ID'] = "heat_api_cloudwatch" fw_details[key]['service_name'] = "heat api cloudwatch"
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8003']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_CLOUDWATCH_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_CLOUDWATCH_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat') appendManifestFile(manifestfile, manifestdata, marker='heat')
@@ -231,11 +242,16 @@ def create_cfn_manifest(config, messages):
manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST'] manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat")) manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cfn.pp") manifestdata += getManifestTemplate("heat_cfn.pp")
config['FIREWALL_SERVICE_NAME'] = "heat_cfn"
config['FIREWALL_PORTS'] = "'8000'" fw_details = dict()
config['FIREWALL_CHAIN'] = "INPUT" key = "heat_cfn"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details.setdefault(key, {})
config['FIREWALL_ALLOWED'] = "'ALL'" fw_details[key]['host'] = "ALL"
config['FIREWALL_SERVICE_ID'] = "heat_cfn" fw_details[key]['service_name'] = "heat cfn"
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8000']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_CFN_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_CFN_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat') appendManifestFile(manifestfile, manifestdata, marker='heat')

20
packstack/plugins/keystone_100.py
View File

@@ -13,7 +13,8 @@ from packstack.installer import basedefs
from packstack.installer import utils from packstack.installer import utils
from packstack.modules.ospluginutils import (getManifestTemplate, from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile) appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------ #------------------ oVirt installer initialization ------------------
@@ -142,12 +143,15 @@ def create_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone.pp") manifestdata = getManifestTemplate("keystone.pp")
config['FIREWALL_ALLOWED'] = "'ALL'" fw_details = dict()
config['FIREWALL_SERVICE_NAME'] = "keystone" key = "keystone"
config['FIREWALL_SERVICE_ID'] = "keystone" fw_details.setdefault(key, {})
config['FIREWALL_PORTS'] = "['5000', '35357']" fw_details[key]['host'] = "ALL"
config['FIREWALL_CHAIN'] = "INPUT" fw_details[key]['service_name'] = "keystone"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details[key]['chain'] = "INPUT"
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['ports'] = ['5000', '35357']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_KEYSTONE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_KEYSTONE_RULES')
appendManifestFile(manifestfile, manifestdata) appendManifestFile(manifestfile, manifestdata)

20
packstack/plugins/mariadb_003.py
View File

@@ -14,7 +14,8 @@ from packstack.installer.utils import split_hosts
from packstack.modules.common import filtered_hosts from packstack.modules.common import filtered_hosts
from packstack.modules.ospluginutils import (getManifestTemplate, from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile) appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------ #------------------ oVirt installer initialization ------------------
@@ -114,13 +115,16 @@ def create_manifest(config, messages):
hosts = filtered_hosts(config, exclude=False, dbhost=True) hosts = filtered_hosts(config, exclude=False, dbhost=True)
config['FIREWALL_SERVICE_NAME'] = "mariadb" fw_details = dict()
config['FIREWALL_PORTS'] = "'3306'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in hosts: for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host key = "mariadb_%s" % host
config['FIREWALL_SERVICE_ID'] = "mariadb_%s" % host fw_details.setdefault(key, {})
manifestdata.append(getManifestTemplate("firewall.pp")) fw_details[key]['host'] = "%s" % host
fw_details[key]['service_name'] = "mariadb"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['3306']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_MARIADB_RULES'] = fw_details
manifestdata.append(createFirewallResources('FIREWALL_MARIADB_RULES'))
appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre') appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')

22
packstack/plugins/nagios_910.py
View File

@@ -14,7 +14,8 @@ from packstack.installer import utils
from packstack.modules.common import filtered_hosts from packstack.modules.common import filtered_hosts
from packstack.modules.ospluginutils import (getManifestTemplate, from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile) appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------ #------------------ oVirt installer initialization ------------------
@@ -185,14 +186,19 @@ def create_nrpe_manifests(config, messages):
config['CONFIG_NRPE_HOST'] = hostname config['CONFIG_NRPE_HOST'] = hostname
manifestfile = "%s_nagios_nrpe.pp" % hostname manifestfile = "%s_nagios_nrpe.pp" % hostname
manifestdata = getManifestTemplate("nagios_nrpe.pp") manifestdata = getManifestTemplate("nagios_nrpe.pp")
# Only the Nagios host is allowed to talk to nrpe # Only the Nagios host is allowed to talk to nrpe
config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST'] fw_details = dict()
config['FIREWALL_SERVICE_NAME'] = "nagios-nrpe" key = "nagios_nrpe"
config['FIREWALL_SERVICE_ID'] = "nagios_nrpe" fw_details.setdefault(key, {})
config['FIREWALL_PORTS'] = '5666' fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
config['FIREWALL_CHAIN'] = "INPUT" fw_details[key]['service_name'] = "nagios-nrpe"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details[key]['chain'] = "INPUT"
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['ports'] = ['5666']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NAGIOS_NRPE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_NAGIOS_NRPE_RULES')
appendManifestFile(manifestfile, manifestdata) appendManifestFile(manifestfile, manifestdata)
messages.append("To use Nagios, browse to " messages.append("To use Nagios, browse to "

116
packstack/plugins/neutron_350.py
View File

@@ -19,7 +19,8 @@ from packstack.installer.utils import split_hosts
from packstack.modules.common import filtered_hosts from packstack.modules.common import filtered_hosts
from packstack.modules.shortcuts import get_mq from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (getManifestTemplate, from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile) appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------ #------------------ oVirt installer initialization ------------------
@@ -569,9 +570,12 @@ def initSequences(controller):
'CONFIG_NEUTRON_ML2_VLAN_RANGES', 'CONFIG_NEUTRON_ML2_VLAN_RANGES',
'CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES', 'CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES',
'CONFIG_NEUTRON_ML2_VNI_RANGES'): 'CONFIG_NEUTRON_ML2_VNI_RANGES'):
config[key] = str([i.strip() for i in config[key].split(',') if i]) if config[key] == '':
config[key] = []
else:
config[key] = [i.strip() for i in config[key].split(',') if i]
key = 'CONFIG_NEUTRON_ML2_VXLAN_GROUP' key = 'CONFIG_NEUTRON_ML2_VXLAN_GROUP'
config[key] = "'%s'" % config[key] if config[key] else 'undef' config[key] = "%s" % config[key] if config[key] else ''
config['CONFIG_NEUTRON_L2_DBNAME'] = plugin_db config['CONFIG_NEUTRON_L2_DBNAME'] = plugin_db
config['CONFIG_NEUTRON_CORE_PLUGIN'] = plugin_path config['CONFIG_NEUTRON_CORE_PLUGIN'] = plugin_path
@@ -702,8 +706,7 @@ def get_agent_type(config):
# "vlan,gre" or "vlan,vxlan" so that VLANs are used if available, # "vlan,gre" or "vlan,vxlan" so that VLANs are used if available,
# but tunnels are used if not. # but tunnels are used if not.
tenant_types = config.get('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES', tenant_types = config.get('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES',
"['local']").strip('[]') "local")
tenant_types = [i.strip('"\'') for i in tenant_types.split(',')]
for i in ['gre', 'vxlan', 'vlan']: for i in ['gre', 'vxlan', 'vlan']:
if i in tenant_types: if i in tenant_types:
@@ -737,7 +740,7 @@ def create_manifests(config, messages):
'neutron.services.firewall.fwaas_plugin.FirewallPlugin' 'neutron.services.firewall.fwaas_plugin.FirewallPlugin'
) )
config['SERVICE_PLUGINS'] = (str(service_plugins) if service_plugins config['SERVICE_PLUGINS'] = (service_plugins if service_plugins
else 'undef') else 'undef')
if config['CONFIG_NEUTRON_L2_PLUGIN'] == 'openvswitch': if config['CONFIG_NEUTRON_L2_PLUGIN'] == 'openvswitch':
@@ -765,33 +768,44 @@ def create_manifests(config, messages):
# XXX I am not completely sure about this, but it seems necessary: # XXX I am not completely sure about this, but it seems necessary:
manifest_data += getManifestTemplate(plugin_manifest) manifest_data += getManifestTemplate(plugin_manifest)
#Firewall # Firewall
config['FIREWALL_SERVICE_NAME'] = "neutron server" fw_details = dict()
config['FIREWALL_PORTS'] = "'9696'" key = "neutron_server_%s" % host
config['FIREWALL_CHAIN'] = "INPUT" fw_details.setdefault(key, {})
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details[key]['host'] = "ALL"
config['FIREWALL_ALLOWED'] = "'ALL'" fw_details[key]['service_name'] = "neutron server"
config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s" fw_details[key]['chain'] = "INPUT"
% (host)) fw_details[key]['ports'] = ['9696']
manifest_data += getManifestTemplate("firewall.pp") fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_SERVER_RULES'
)
appendManifestFile(manifest_file, manifest_data, 'neutron') appendManifestFile(manifest_file, manifest_data, 'neutron')
# We also need to open VXLAN/GRE port for agent # We also need to open VXLAN/GRE port for agent
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config): if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
fw_details = dict()
key = "neutron_tunnel"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron tunnel port"
fw_details[key]['chain'] = "INPUT"
if use_openvswitch_vxlan(config): if use_openvswitch_vxlan(config):
config['FIREWALL_PROTOCOL'] = 'udp' fw_details[key]['proto'] = 'udp'
tunnel_port = ("'%s'" tun_port = "%s" % config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT']
% config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'])
else: else:
config['FIREWALL_PROTOCOL'] = 'gre' fw_details[key]['proto'] = 'gre'
tunnel_port = 'undef' tun_port = 'undef'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "neutron tunnel port" fw_details[key]['ports'] = tun_port
config['FIREWALL_SERVICE_ID'] = ("neutron_tunnel") config['FIREWALL_NEUTRON_TUNNEL_RULES'] = fw_details
config['FIREWALL_PORTS'] = tunnel_port
config['FIREWALL_CHAIN'] = "INPUT" manifest_data = createFirewallResources(
manifest_data = getManifestTemplate('firewall.pp') 'FIREWALL_NEUTRON_TUNNEL_RULES'
)
appendManifestFile(manifest_file, manifest_data, 'neutron') appendManifestFile(manifest_file, manifest_data, 'neutron')
@@ -839,21 +853,32 @@ def create_dhcp_manifests(config, messages):
manifest_data = getManifestTemplate("neutron_dhcp.pp") manifest_data = getManifestTemplate("neutron_dhcp.pp")
manifest_file = "%s_neutron.pp" % (host,) manifest_file = "%s_neutron.pp" % (host,)
# Firewall Rules for dhcp in # Firewall Rules for dhcp in
config['FIREWALL_PROTOCOL'] = 'udp' fw_details = dict()
config['FIREWALL_ALLOWED'] = "'ALL'" key = "neutron_dhcp_in_%s" % host
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in: " fw_details.setdefault(key, {})
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_in_%s" % host fw_details[key]['host'] = "ALL"
config['FIREWALL_PORTS'] = "'67'" fw_details[key]['service_name'] = "neutron dhcp in"
config['FIREWALL_CHAIN'] = "INPUT" fw_details[key]['chain'] = "INPUT"
manifest_data += getManifestTemplate("firewall.pp") fw_details[key]['ports'] = ['67']
fw_details[key]['proto'] = "udp"
config['FIREWALL_NEUTRON_DHCPIN_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_DHCPIN_RULES'
)
# Firewall Rules for dhcp out # Firewall Rules for dhcp out
config['FIREWALL_PROTOCOL'] = 'udp' fw_details = dict()
config['FIREWALL_ALLOWED'] = "'ALL'" key = "neutron_dhcp_out_%s" % host
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out: " fw_details.setdefault(key, {})
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_out_%s" % host fw_details[key]['host'] = "ALL"
config['FIREWALL_PORTS'] = "'68'" fw_details[key]['service_name'] = "neutron dhcp out"
config['FIREWALL_CHAIN'] = "OUTPUT" fw_details[key]['chain'] = "OUTPUT"
manifest_data += getManifestTemplate("firewall.pp") fw_details[key]['ports'] = ['68']
fw_details[key]['proto'] = "udp"
config['FIREWALL_NEUTRON_DHCPOUT_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_DHCPOUT_RULES'
)
appendManifestFile(manifest_file, manifest_data, 'neutron') appendManifestFile(manifest_file, manifest_data, 'neutron')
@@ -895,12 +920,11 @@ def create_l2_agent_manifests(config, messages):
# for other plugin template generation # for other plugin template generation
if ('l2population' in if ('l2population' in
config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])): config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])):
config['CONFIG_NEUTRON_USE_L2POPULATION'] = 'true' config['CONFIG_NEUTRON_USE_L2POPULATION'] = True
else: else:
config['CONFIG_NEUTRON_USE_L2POPULATION'] = 'false' config['CONFIG_NEUTRON_USE_L2POPULATION'] = False
if agent == "openvswitch": if agent == "openvswitch":
host_var = 'CONFIG_NEUTRON_OVS_HOST'
if plugin == agent: if plugin == agent:
# monolithic plugin installation # monolithic plugin installation
ovs_type = 'CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE' ovs_type = 'CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'
@@ -919,7 +943,7 @@ def create_l2_agent_manifests(config, messages):
# expects this parameter to be an array, this parameter must be # expects this parameter to be an array, this parameter must be
# properly formatted by packstack, then consumed by the puppet module. # properly formatted by packstack, then consumed by the puppet module.
# For example, the input string 'A, B' should formatted as '['A','B']'. # For example, the input string 'A, B' should formatted as '['A','B']'.
config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = str(bm_arr) config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr
elif agent == "linuxbridge": elif agent == "linuxbridge":
host_var = 'CONFIG_NEUTRON_LB_HOST' host_var = 'CONFIG_NEUTRON_LB_HOST'
template_name = 'neutron_lb_agent.pp' template_name = 'neutron_lb_agent.pp'
@@ -927,9 +951,9 @@ def create_l2_agent_manifests(config, messages):
raise KeyError("Unknown layer2 agent") raise KeyError("Unknown layer2 agent")
for host in network_hosts | compute_hosts: for host in network_hosts | compute_hosts:
config[host_var] = host
manifestfile = "%s_neutron.pp" % (host,) manifestfile = "%s_neutron.pp" % (host,)
manifestdata = getManifestTemplate(template_name) manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host
manifestdata += getManifestTemplate(template_name)
appendManifestFile(manifestfile, manifestdata + "\n") appendManifestFile(manifestfile, manifestdata + "\n")
# neutron ovs port only on network hosts # neutron ovs port only on network hosts
if ( if (

100
packstack/plugins/nova_300.py
View File

@@ -15,7 +15,8 @@ from packstack.installer.exceptions import ScriptRuntimeError
from packstack.modules.shortcuts import get_mq from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (NovaConfig, getManifestTemplate, from packstack.modules.ospluginutils import (NovaConfig, getManifestTemplate,
appendManifestFile, manifestfiles) appendManifestFile, manifestfiles,
createFirewallResources)
#------------------ oVirt installer initialization ------------------ #------------------ oVirt installer initialization ------------------
@@ -427,16 +428,21 @@ def create_api_manifest(config, messages):
config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = 'undef' config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = 'undef'
else: else:
config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = \ config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = \
"'%s'" % config['CONFIG_NEUTRON_METADATA_PW'] "%s" % config['CONFIG_NEUTRON_METADATA_PW']
manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST'] manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nova_api.pp") manifestdata = getManifestTemplate("nova_api.pp")
config['FIREWALL_SERVICE_NAME'] = "nova api"
config['FIREWALL_PORTS'] = "['8773', '8774', '8775']" fw_details = dict()
config['FIREWALL_CHAIN'] = "INPUT" key = "nova_api"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details.setdefault(key, {})
config['FIREWALL_ALLOWED'] = "'ALL'" fw_details[key]['host'] = "ALL"
config['FIREWALL_SERVICE_ID'] = "nova_api" fw_details[key]['service_name'] = "nova api"
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8773', '8774', '8775']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NOVA_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_NOVA_API_RULES')
appendManifestFile(manifestfile, manifestdata, 'novaapi') appendManifestFile(manifestfile, manifestdata, 'novaapi')
@@ -473,6 +479,8 @@ def create_compute_manifest(config, messages):
) )
ssh_hostkeys = '' ssh_hostkeys = ''
ssh_keys_details = {}
for host in compute_hosts: for host in compute_hosts:
try: try:
hostname, aliases, addrs = socket.gethostbyaddr(host) hostname, aliases, addrs = socket.gethostbyaddr(host)
@@ -485,27 +493,33 @@ def create_compute_manifest(config, messages):
continue continue
_, host_key_type, host_key_data = hostkey.split() _, host_key_type, host_key_data = hostkey.split()
config['SSH_HOST_NAME'] = hostname key = "%s.%s" % (host_key_type, hostname)
config['SSH_HOST_ALIASES'] = ','.join( ssh_keys_details.setdefault(key, {})
'"%s"' % addr for addr in aliases + addrs ssh_keys_details[key]['ensure'] = 'present'
) ssh_keys_details[key]['host_aliases'] = aliases + addrs
config['SSH_HOST_KEY'] = host_key_data ssh_keys_details[key]['key'] = host_key_data
config['SSH_HOST_KEY_TYPE'] = host_key_type ssh_keys_details[key]['type'] = host_key_type
ssh_hostkeys += getManifestTemplate("sshkey.pp")
config['SSH_KEYS'] = ssh_keys_details
ssh_hostkeys += getManifestTemplate("sshkey.pp")
for host in compute_hosts: for host in compute_hosts:
config["CONFIG_NOVA_COMPUTE_HOST"] = host config["CONFIG_NOVA_COMPUTE_HOST"] = host
manifestdata = getManifestTemplate("nova_compute.pp") manifestdata = getManifestTemplate("nova_compute.pp")
fw_details = dict()
cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
for c_host in compute_hosts: for c_host in compute_hosts:
config['FIREWALL_SERVICE_NAME'] = "nova qemu migration" key = "nova_qemu_migration_%s_%s" % (host, c_host)
config['FIREWALL_PORTS'] = ['16509', '49152-49215'] fw_details.setdefault(key, {})
config['FIREWALL_CHAIN'] = "INPUT" fw_details[key]['host'] = "%s" % c_host
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details[key]['service_name'] = "nova qemu migration"
config['FIREWALL_ALLOWED'] = "'%s'" % c_host fw_details[key]['chain'] = "INPUT"
config['FIREWALL_SERVICE_ID'] = ("nova_qemu_migration_%s_%s" fw_details[key]['ports'] = ['16509', '49152-49215']
% (host, c_host)) fw_details[key]['proto'] = "tcp"
manifestdata += getManifestTemplate("firewall.pp")
config[cf_fw_qemu_mig_key] = fw_details
manifestdata += createFirewallResources(cf_fw_qemu_mig_key)
if config['CONFIG_VMWARE_BACKEND'] == 'y': if config['CONFIG_VMWARE_BACKEND'] == 'y':
manifestdata += getManifestTemplate("nova_compute_vmware.pp") manifestdata += getManifestTemplate("nova_compute_vmware.pp")
@@ -540,14 +554,19 @@ def create_compute_manifest(config, messages):
manifestdata += getManifestTemplate(mq_template) manifestdata += getManifestTemplate(mq_template)
manifestdata += getManifestTemplate("nova_ceilometer.pp") manifestdata += getManifestTemplate("nova_ceilometer.pp")
config['FIREWALL_PORTS'] = ['5900-5999'] fw_details = dict()
config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST'] key = "nova_compute"
config['FIREWALL_SERVICE_NAME'] = "nova compute" fw_details.setdefault(key, {})
config['FIREWALL_SERVICE_ID'] = "nova_compute" fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
config['FIREWALL_CHAIN'] = "INPUT" fw_details[key]['service_name'] = "nova compute"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details[key]['chain'] = "INPUT"
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['ports'] = ['5900-5999']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
manifestdata += "\n" + createFirewallResources(
'FIREWALL_NOVA_COMPUTE_RULES'
)
manifestdata += "\n" + nova_config_options.getManifestEntry() manifestdata += "\n" + nova_config_options.getManifestEntry()
manifestdata += "\n" + ssh_hostkeys manifestdata += "\n" + ssh_hostkeys
appendManifestFile(manifestfile, manifestdata) appendManifestFile(manifestfile, manifestdata)
@@ -617,6 +636,7 @@ def create_common_manifest(config, messages):
dbacces_hosts |= network_hosts dbacces_hosts |= network_hosts
for manifestfile, marker in manifestfiles.getFiles(): for manifestfile, marker in manifestfiles.getFiles():
pw_in_sqlconn = False
if manifestfile.endswith("_nova.pp"): if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1) host, manifest = manifestfile.split('_', 1)
host = host.strip() host = host.strip()
@@ -625,10 +645,17 @@ def create_common_manifest(config, messages):
# we should omit password in case we are installing only # we should omit password in case we are installing only
# nova-compute to the host # nova-compute to the host
perms = "nova" perms = "nova"
pw_in_sqlconn = False
else: else:
perms = "nova:%(CONFIG_NOVA_DB_PW)s" perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
sqlconn = "mysql://%s@%%(CONFIG_MARIADB_HOST)s/nova" % perms pw_in_sqlconn = True
config['CONFIG_NOVA_SQL_CONN'] = sqlconn % config
sqlconn = "mysql://%s@%s/nova" % (perms,
config['CONFIG_MARIADB_HOST'])
if pw_in_sqlconn:
config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
else:
config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn
# for nova-network in multihost mode each compute host is metadata # for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host # host otherwise we use api host
@@ -640,7 +667,10 @@ def create_common_manifest(config, messages):
config['CONFIG_NOVA_METADATA_HOST'] = metadata config['CONFIG_NOVA_METADATA_HOST'] = metadata
data = getManifestTemplate(get_mq(config, "nova_common")) data = getManifestTemplate(get_mq(config, "nova_common"))
data += getManifestTemplate("nova_common.pp") if pw_in_sqlconn:
data += getManifestTemplate("nova_common_pw.pp")
else:
data += getManifestTemplate("nova_common_nopw.pp")
appendManifestFile(os.path.split(manifestfile)[1], data) appendManifestFile(os.path.split(manifestfile)[1], data)

2
packstack/plugins/openstack_client_400.py
View File

@@ -62,7 +62,7 @@ def create_manifest(config, messages):
no_root_allinone = (client_host == utils.get_localhost_ip() and no_root_allinone = (client_host == utils.get_localhost_ip() and
root_home != homedir) root_home != homedir)
config['NO_ROOT_USER_ALLINONE'] = no_root_allinone and 'true' or 'false' config['NO_ROOT_USER_ALLINONE'] = no_root_allinone and True or False
manifestdata = getManifestTemplate("openstack_client.pp") manifestdata = getManifestTemplate("openstack_client.pp")
appendManifestFile(manifestfile, manifestdata) appendManifestFile(manifestfile, manifestdata)

2
packstack/plugins/prescript_000.py
View File

@@ -666,7 +666,7 @@ def discover(config, messages):
def create_manifest(config, messages): def create_manifest(config, messages):
key = 'CONFIG_DEBUG_MODE' key = 'CONFIG_DEBUG_MODE'
config[key] = config[key] == 'y' and 'true' or 'false' config[key] = config[key] == 'y' and True or False
for hostname in filtered_hosts(config): for hostname in filtered_hosts(config):
manifestfile = "%s_prescript.pp" % hostname manifestfile = "%s_prescript.pp" % hostname

4
packstack/plugins/provision_700.py
View File

@@ -246,9 +246,9 @@ def initSequences(controller):
def marshall_conf_bool(conf, key): def marshall_conf_bool(conf, key):
if conf[key] == 'y': if conf[key] == 'y':
conf[key] = 'true' conf[key] = True
else: else:
conf[key] = 'false' conf[key] = False
def using_heat(config): def using_heat(config):

28
packstack/plugins/puppet_950.py
View File

@@ -15,7 +15,8 @@ from packstack.installer import basedefs, output_messages
from packstack.installer.exceptions import ScriptRuntimeError, PuppetError from packstack.installer.exceptions import ScriptRuntimeError, PuppetError
from packstack.modules.common import filtered_hosts from packstack.modules.common import filtered_hosts
from packstack.modules.ospluginutils import manifestfiles from packstack.modules.ospluginutils import (manifestfiles,
generateHieraDataFile)
from packstack.modules.puppet import scan_logfile, validate_logfile from packstack.modules.puppet import scan_logfile, validate_logfile
@@ -129,7 +130,7 @@ def run_cleanup(config, messages):
def install_deps(config, messages): def install_deps(config, messages):
deps = ["puppet", "openssh-clients", "tar", "nc"] deps = ["puppet", "hiera", "openssh-clients", "tar", "nc"]
modules_pkg = 'openstack-puppet-modules' modules_pkg = 'openstack-puppet-modules'
local = utils.ScriptRunner() local = utils.ScriptRunner()
@@ -157,6 +158,18 @@ def install_deps(config, messages):
# yum does not fail if one of the packages is missing # yum does not fail if one of the packages is missing
for package in deps: for package in deps:
server.append("rpm -q --whatprovides %s" % (package)) server.append("rpm -q --whatprovides %s" % (package))
# To avoid warning messages such as
# "Warning: Config file /etc/puppet/hiera.yaml not found, using Hiera
# defaults". We create a symbolic link to /etc/hiera.yaml.
server.append('[[ ! -L /etc/puppet/hiera.yaml ]] && '
'ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml || '
'echo "hiera.yaml symlink already created"')
server.append("sed -i 's;:datadir:.*;:datadir: "
"%s/hieradata;g' /etc/puppet/hiera.yaml"
% config['HOST_DETAILS'][hostname]['tmpdir'])
server.execute() server.execute()
@@ -170,12 +183,21 @@ def copy_puppet_modules(config, messages):
'vcsrepo', 'vlan', 'vswitch', 'xinetd', 'vcsrepo', 'vlan', 'vswitch', 'xinetd',
'openstacklib')) 'openstacklib'))
# write puppet manifest to disk # write puppet manifest to disk
manifestfiles.writeManifests() manifestfiles.writeManifests()
# write hieradata file to disk
generateHieraDataFile()
server = utils.ScriptRunner() server = utils.ScriptRunner()
for hostname in filtered_hosts(config): for hostname in filtered_hosts(config):
host_dir = config['HOST_DETAILS'][hostname]['tmpdir'] host_dir = config['HOST_DETAILS'][hostname]['tmpdir']
# copy hiera defaults.yaml file
server.append("cd %s" % basedefs.HIERADATA_DIR)
server.append("tar --dereference -cpzf - ../hieradata | "
"ssh -o StrictHostKeyChecking=no "
"-o UserKnownHostsFile=/dev/null "
"root@%s tar -C %s -xpzf -" % (hostname, host_dir))
# copy Packstack manifests # copy Packstack manifests
server.append("cd %s/puppet" % basedefs.DIR_PROJECT_DIR) server.append("cd %s/puppet" % basedefs.DIR_PROJECT_DIR)
server.append("cd %s" % basedefs.PUPPET_MANIFEST_DIR) server.append("cd %s" % basedefs.PUPPET_MANIFEST_DIR)

39
packstack/plugins/swift_600.py
View File

@@ -18,7 +18,8 @@ from packstack.installer import utils
from packstack.installer.utils import split_hosts from packstack.installer.utils import split_hosts
from packstack.modules.ospluginutils import (getManifestTemplate, from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile, manifestfiles) appendManifestFile, manifestfiles,
createFirewallResources)
#------------------ oVirt installer initialization ------------------ #------------------ oVirt installer initialization ------------------
@@ -287,13 +288,18 @@ def create_builder_manifest(config, messages):
def create_proxy_manifest(config, messages): def create_proxy_manifest(config, messages):
manifestfile = "%s_swift.pp" % config['CONFIG_CONTROLLER_HOST'] manifestfile = "%s_swift.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("swift_proxy.pp") manifestdata = getManifestTemplate("swift_proxy.pp")
config['FIREWALL_SERVICE_NAME'] = "swift proxy"
config['FIREWALL_PORTS'] = "'8080'" fw_details = dict()
config['FIREWALL_CHAIN'] = "INPUT" key = "swift_proxy"
config['FIREWALL_PROTOCOL'] = 'tcp' fw_details.setdefault(key, {})
config['FIREWALL_ALLOWED'] = "'ALL'" fw_details[key]['host'] = "ALL"
config['FIREWALL_SERVICE_ID'] = "swift_proxy" fw_details[key]['service_name'] = "swift proxy"
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8080']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_SWIFT_PROXY_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_SWIFT_PROXY_RULES')
appendManifestFile(manifestfile, manifestdata) appendManifestFile(manifestfile, manifestdata)
@@ -324,15 +330,18 @@ def create_storage_manifest(config, messages):
if config['CONFIG_NOVA_INSTALL'] == 'y': if config['CONFIG_NOVA_INSTALL'] == 'y':
hosts |= split_hosts(config['CONFIG_COMPUTE_HOSTS']) hosts |= split_hosts(config['CONFIG_COMPUTE_HOSTS'])
config['FIREWALL_SERVICE_NAME'] = "swift storage and rsync" fw_details = dict()
config['FIREWALL_PORTS'] = "['6000', '6001', '6002', '873']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in hosts: for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host key = "swift_storage_and_rsync_%s" % host
config['FIREWALL_SERVICE_ID'] = "swift_storage_and_rsync_%s" % host fw_details.setdefault(key, {})
manifestdata += getManifestTemplate("firewall.pp") fw_details[key]['host'] = "%s" % host
fw_details[key]['service_name'] = "swift storage and rsync"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['6000', '6001', '6002', '873']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_SWIFT_STORAGE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_SWIFT_STORAGE_RULES')
appendManifestFile(manifestfile, manifestdata) appendManifestFile(manifestfile, manifestdata)

89
packstack/puppet/templates/amqp.pp
View File

@@ -1,42 +1,43 @@
$amqp = '%(CONFIG_AMQP_BACKEND)s' $amqp = hiera('CONFIG_AMQP_BACKEND')
case $amqp { case $amqp {
'qpid': { 'qpid': {
enable_qpid {"qpid": enable_qpid { 'qpid':
enable_ssl => %(CONFIG_AMQP_ENABLE_SSL)s, enable_ssl => hiera('CONFIG_AMQP_ENABLE_SSL'),
enable_auth => '%(CONFIG_AMQP_ENABLE_AUTH)s', enable_auth => hiera('CONFIG_AMQP_ENABLE_AUTH'),
} }
} }
'rabbitmq': { 'rabbitmq': {
enable_rabbitmq {"rabbitmq":} enable_rabbitmq { 'rabbitmq': }
} }
default: {}
} }
define enable_rabbitmq { define enable_rabbitmq {
package { "erlang": package { 'erlang':
ensure => "installed" ensure => 'installed',
} }
class {"rabbitmq": class { 'rabbitmq':
port => '%(CONFIG_AMQP_CLIENTS_PORT)s', port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
ssl_management_port => '%(CONFIG_AMQP_SSL_PORT)s', ssl_management_port => hiera('CONFIG_AMQP_SSL_PORT'),
ssl => %(CONFIG_AMQP_ENABLE_SSL)s, ssl => hiera('CONFIG_AMQP_ENABLE_SSL'),
ssl_cert => '%(CONFIG_AMQP_SSL_CERT_FILE)s', ssl_cert => hiera('CONFIG_AMQP_SSL_CERT_FILE'),
ssl_key => '%(CONFIG_AMQP_SSL_KEY_FILE)s', ssl_key => hiera('CONFIG_AMQP_SSL_KEY_FILE'),
default_user => '%(CONFIG_AMQP_AUTH_USER)s', default_user => hiera('CONFIG_AMQP_AUTH_USER'),
default_pass => '%(CONFIG_AMQP_AUTH_PASSWORD)s', default_pass => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
package_provider => 'yum', package_provider => 'yum',
admin_enable => false, admin_enable => false,
} }
Package['erlang']->Class['rabbitmq'] Package['erlang'] -> Class['rabbitmq']
} }
define enable_qpid($enable_ssl = 'n', $enable_auth = 'n') { define enable_qpid($enable_ssl = 'n', $enable_auth = 'n') {
case $::operatingsystem { case $::operatingsystem {
'Fedora': { 'Fedora': {
if (is_integer($::operatingsystemrelease) and $::operatingsystemrelease >= 20) or $::operatingsystemrelease == "Rawhide" { if (is_integer($::operatingsystemrelease) and $::operatingsystemrelease >= 20) or $::operatingsystemrelease == 'Rawhide' {
$config = '/etc/qpid/qpidd.conf' $config = '/etc/qpid/qpidd.conf'
} else { } else {
$config = '/etc/qpidd.conf' $config = '/etc/qpidd.conf'
@@ -56,18 +57,18 @@ define enable_qpid($enable_ssl = 'n', $enable_auth = 'n') {
} }
} }
class {"qpid::server": class { 'qpid::server':
config_file => $config, config_file => $config,
auth => $enable_auth ? { auth => $enable_auth ? {
'y' => 'yes', 'y' => 'yes',
default => 'no', default => 'no',
}, },
clustered => false, clustered => false,
ssl_port => '%(CONFIG_AMQP_SSL_PORT)s', ssl_port => hiera('CONFIG_AMQP_SSL_PORT'),
ssl => %(CONFIG_AMQP_ENABLE_SSL)s, ssl => hiera('CONFIG_AMQP_ENABLE_SSL'),
ssl_cert => '%(CONFIG_AMQP_SSL_CERT_FILE)s', ssl_cert => hiera('CONFIG_AMQP_SSL_CERT_FILE'),
ssl_key => '%(CONFIG_AMQP_SSL_KEY_FILE)s', ssl_key => hiera('CONFIG_AMQP_SSL_KEY_FILE'),
ssl_database_password => '%(CONFIG_AMQP_NSS_CERTDB_PW)s', ssl_database_password => hiera('CONFIG_AMQP_NSS_CERTDB_PW'),
} }
if $enable_ssl { if $enable_ssl {
@@ -82,25 +83,27 @@ define enable_qpid($enable_ssl = 'n', $enable_auth = 'n') {
} }
if $enable_auth == 'y' { if $enable_auth == 'y' {
add_qpid_user {"qpid_user":} add_qpid_user { 'qpid_user': }
} }
} }
define add_qpid_user { define add_qpid_user {
qpid_user { '%(CONFIG_AMQP_AUTH_USER)s': $config_amqp_auth_user = hiera('CONFIG_AMQP_AUTH_USER')
password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', qpid_user { $config_amqp_auth_user:
file => '/var/lib/qpidd/qpidd.sasldb', password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
realm => 'QPID', file => '/var/lib/qpidd/qpidd.sasldb',
provider => 'saslpasswd2', realm => 'QPID',
require => Class['qpid::server'], provider => 'saslpasswd2',
require => Class['qpid::server'],
} }
file { 'sasldb_file': file { 'sasldb_file':
path => '/var/lib/qpidd/qpidd.sasldb', ensure => file,
ensure => file, path => '/var/lib/qpidd/qpidd.sasldb',
owner => 'qpidd', owner => 'qpidd',
group => 'qpidd', group => 'qpidd',
require => Package['qpid-cpp-server'], require => Package['qpid-cpp-server'],
} }
} }

30
packstack/puppet/templates/ceilometer.pp
View File

@@ -1,28 +1,28 @@
$config_mongodb_host = hiera('CONFIG_MONGODB_HOST')
class { 'ceilometer::db': class { 'ceilometer::db':
database_connection => 'mongodb://%(CONFIG_MONGODB_HOST)s:27017/ceilometer', database_connection => "mongodb://${config_mongodb_host}:27017/ceilometer",
} }
class { 'ceilometer::collector': class { 'ceilometer::collector': }
}
class { 'ceilometer::agent::notification': class { 'ceilometer::agent::notification': }
}
$config_controller_host = hiera('CONFIG_CONTROLLER_HOST')
class { 'ceilometer::agent::auth': class { 'ceilometer::agent::auth':
auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', auth_url => "http://${config_controller_host}:35357/v2.0",
auth_password => '%(CONFIG_CEILOMETER_KS_PW)s', auth_password => hiera('CONFIG_CEILOMETER_KS_PW'),
} }
class { 'ceilometer::agent::central': class { 'ceilometer::agent::central': }
}
class { 'ceilometer::alarm::notifier': class { 'ceilometer::alarm::notifier':}
}
class { 'ceilometer::alarm::evaluator': class { 'ceilometer::alarm::evaluator':}
}
class { 'ceilometer::api': class { 'ceilometer::api':
keystone_host => '%(CONFIG_CONTROLLER_HOST)s', keystone_host => hiera('CONFIG_CONTROLLER_HOST'),
keystone_password => '%(CONFIG_CEILOMETER_KS_PW)s', keystone_password => hiera('CONFIG_CEILOMETER_KS_PW'),
} }

4
packstack/puppet/templates/ceilometer_nova_disabled.pp
View File

@@ -1,5 +1,5 @@
group { "nova": group { 'nova':
ensure => present, ensure => present,
} }
Group['nova'] -> Class['ceilometer'] Group['nova'] -> Class['ceilometer']

18
packstack/puppet/templates/ceilometer_qpid.pp
View File

@@ -1,11 +1,11 @@
class { 'ceilometer': class { 'ceilometer':
metering_secret => '%(CONFIG_CEILOMETER_SECRET)s', metering_secret => hiera('CONFIG_CEILOMETER_SECRET'),
qpid_hostname => '%(CONFIG_AMQP_HOST)s', qpid_hostname => hiera('CONFIG_AMQP_HOST'),
qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', qpid_username => hiera('CONFIG_AMQP_AUTH_USER'),
qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
rpc_backend => 'ceilometer.openstack.common.rpc.impl_qpid', rpc_backend => 'ceilometer.openstack.common.rpc.impl_qpid',
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s' qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'),
} }

14
packstack/puppet/templates/ceilometer_rabbitmq.pp
View File

@@ -1,9 +1,9 @@
class { 'ceilometer': class { 'ceilometer':
metering_secret => '%(CONFIG_CEILOMETER_SECRET)s', metering_secret => hiera('CONFIG_CEILOMETER_SECRET'),
rabbit_host => '%(CONFIG_AMQP_HOST)s', rabbit_host => hiera('CONFIG_AMQP_HOST'),
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s', rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
} }

56
packstack/puppet/templates/chrony.pp
View File

@@ -1,7 +1,10 @@
$cfg_ntp_server_def = hiera('CONFIG_NTP_SERVER_DEF')
$cfg_ntp_servers = hiera('CONFIG_NTP_SERVERS')
$config_content = " $config_content = "
# Use public servers from the pool.ntp.org project. # Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html). # Please consider joining the pool (http://www.pool.ntp.org/join.html).
%(CONFIG_NTP_SERVER_DEF)s ${cfg_ntp_server_def}
# Ignore stratum in source selection. # Ignore stratum in source selection.
stratumweight 0 stratumweight 0
@@ -44,38 +47,43 @@ logdir /var/log/chrony
#log measurements statistics tracking #log measurements statistics tracking
" "
package {'chrony': package { 'chrony':
ensure => 'installed', ensure => 'installed',
name => 'chrony', name => 'chrony',
} }
package {'ntpdate': package { 'ntpdate':
ensure => 'installed', ensure => 'installed',
name => 'ntpdate', name => 'ntpdate',
} }
file {'chrony_conf': file { 'chrony_conf':
path => '/etc/chrony.conf', ensure => file,
ensure => file, path => '/etc/chrony.conf',
mode => '0644', mode => '0644',
content => $config_content, content => $config_content,
} }
exec {'stop-chronyd': exec { 'stop-chronyd':
command => '/usr/bin/systemctl stop chronyd.service', command => '/usr/bin/systemctl stop chronyd.service',
} }
exec {'ntpdate': exec { 'ntpdate':
command => '/usr/sbin/ntpdate %(CONFIG_NTP_SERVERS)s', command => "/usr/sbin/ntpdate ${cfg_ntp_servers}",
tries => 3, tries => 3,
} }
service {'chronyd': service { 'chronyd':
ensure => 'running', ensure => running,
enable => true, enable => true,
name => 'chronyd', name => 'chronyd',
hasstatus => true, hasstatus => true,
hasrestart => true, hasrestart => true,
} }
Package['chrony'] -> Package['ntpdate'] -> File['chrony_conf'] -> Exec['stop-chronyd'] -> Exec['ntpdate'] -> Service['chronyd'] Package['chrony'] ->
Package['ntpdate'] ->
File['chrony_conf'] ->
Exec['stop-chronyd'] ->
Exec['ntpdate'] ->
Service['chronyd']

35
packstack/puppet/templates/cinder.pp
View File

@@ -1,35 +1,34 @@
cinder_config { cinder_config {
"DEFAULT/glance_host": value => "%(CONFIG_STORAGE_HOST)s"; 'DEFAULT/glance_host': value => hiera('CONFIG_STORAGE_HOST');
} }
package {'python-keystone': package { 'python-keystone':
notify => Class['cinder::api'], notify => Class['cinder::api'],
} }
class {'cinder::api': class { 'cinder::api':
keystone_password => '%(CONFIG_CINDER_KS_PW)s', keystone_password => hiera('CONFIG_CINDER_KS_PW'),
keystone_tenant => "services", keystone_tenant => 'services',
keystone_user => "cinder", keystone_user => 'cinder',
keystone_auth_host => "%(CONFIG_CONTROLLER_HOST)s", keystone_auth_host => hiera('CONFIG_CONTROLLER_HOST'),
} }
class {'cinder::scheduler': class { 'cinder::scheduler': }
}
class {'cinder::volume': class { 'cinder::volume': }
}
class {'cinder::client': class { 'cinder::client': }
}
$cinder_config_controller_host = hiera('CONFIG_CONTROLLER_HOST')
# Cinder::Type requires keystone credentials # Cinder::Type requires keystone credentials
Cinder::Type { Cinder::Type {
os_password => '%(CONFIG_CINDER_KS_PW)s', os_password => hiera('CONFIG_CINDER_KS_PW'),
os_tenant_name => "services", os_tenant_name => 'services',
os_username => "cinder", os_username => 'cinder',
os_auth_url => "http://%(CONFIG_CONTROLLER_HOST)s:5000/v2.0/", os_auth_url => "http://${cinder_config_controller_host}:5000/v2.0/",
} }
class { 'cinder::backends': class { 'cinder::backends':
enabled_backends => %(CONFIG_CINDER_BACKEND)s, enabled_backends => hiera_array('CONFIG_CINDER_BACKEND'),
} }

9
packstack/puppet/templates/cinder_backup.pp
View File

@@ -1,8 +1,11 @@
class { 'cinder::backup': class { 'cinder::backup': }
}
$cinder_backup_conf_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
class { 'cinder::backup::swift': class { 'cinder::backup::swift':
backup_swift_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8080/v1/AUTH_' backup_swift_url => "http://${cinder_config_controller_host}:8080/v1/AUTH_",
} }
Class['cinder::api'] ~> Service['cinder-backup'] Class['cinder::api'] ~> Service['cinder-backup']

6
packstack/puppet/templates/cinder_gluster.pp
View File

@@ -1,7 +1,9 @@
package { 'glusterfs-fuse': ensure => present } package { 'glusterfs-fuse':
ensure => present,
}
cinder::backend::glusterfs { 'gluster': cinder::backend::glusterfs { 'gluster':
glusterfs_shares => [%(CONFIG_CINDER_GLUSTER_MOUNTS)s], glusterfs_shares => hiera_array('CONFIG_CINDER_GLUSTER_MOUNTS'),
require => Package['glusterfs-fuse'], require => Package['glusterfs-fuse'],
glusterfs_shares_config => '/etc/cinder/glusterfs_shares.conf', glusterfs_shares_config => '/etc/cinder/glusterfs_shares.conf',
} }

18
packstack/puppet/templates/cinder_lvm.pp
View File

@@ -1,12 +1,12 @@
class { 'cinder::setup_test_volume': class { 'cinder::setup_test_volume':
size => '%(CONFIG_CINDER_VOLUMES_SIZE)s', size => hiera('CONFIG_CINDER_VOLUMES_SIZE'),
loopback_device => '/dev/loop2', loopback_device => '/dev/loop2',
volume_path => '/var/lib/cinder', volume_path => '/var/lib/cinder',
volume_name => 'cinder-volumes', volume_name => 'cinder-volumes',
} }
# Add loop device on boot # Add loop device on boot
$el_releases = ["RedHat", "CentOS", "Scientific"] $el_releases = ['RedHat', 'CentOS', 'Scientific']
if $::operatingsystem in $el_releases and $::operatingsystemmajrelease < 7 { if $::operatingsystem in $el_releases and $::operatingsystemmajrelease < 7 {
file_line{ 'rc.local_losetup_cinder_volume': file_line{ 'rc.local_losetup_cinder_volume':
@@ -44,12 +44,12 @@ RequiredBy=openstack-cinder-volume.service',
exec { '/usr/bin/systemctl daemon-reload': exec { '/usr/bin/systemctl daemon-reload':
refreshonly => true, refreshonly => true,
before => Service['openstack-losetup'], before => Service['openstack-losetup'],
} }
service { 'openstack-losetup': service { 'openstack-losetup':
ensure => running, ensure => running,
enable => true, enable => true,
require => Class['cinder::setup_test_volume'], require => Class['cinder::setup_test_volume'],
} }
@@ -70,8 +70,8 @@ file_line { 'snapshot_autoextend_percent':
} }
cinder::backend::iscsi { 'lvm': cinder::backend::iscsi { 'lvm':
iscsi_ip_address => '%(CONFIG_STORAGE_HOST)s', iscsi_ip_address => hiera('CONFIG_STORAGE_HOST'),
require => Package['lvm2'], require => Package['lvm2'],
} }
cinder::type { 'iscsi': cinder::type { 'iscsi':

20
packstack/puppet/templates/cinder_netapp_7mode_iscsi.pp
View File

@@ -3,16 +3,16 @@
package { 'iscsi-initiator-utils': ensure => present } package { 'iscsi-initiator-utils': ensure => present }
cinder::backend::netapp { 'netapp': cinder::backend::netapp { 'netapp':
netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s", netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s", netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s", netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s", netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_size_multiplier => "%(CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER)s", netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'),
netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s", netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s", netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s", netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vfiler => "%(CONFIG_CINDER_NETAPP_VFILER)s", netapp_vfiler => hiera('CONFIG_CINDER_NETAPP_VFILER'),
netapp_volume_list => ["%(CONFIG_CINDER_NETAPP_VOLUME_LIST)s"], netapp_volume_list => hiera_array('CONFIG_CINDER_NETAPP_VOLUME_LIST'),
require => Package['iscsi-initiator-utils'], require => Package['iscsi-initiator-utils'],
} }

22
packstack/puppet/templates/cinder_netapp_7mode_nfs.pp
View File

@@ -3,17 +3,17 @@
package { 'nfs-utils': ensure => present } package { 'nfs-utils': ensure => present }
cinder::backend::netapp { 'netapp': cinder::backend::netapp { 'netapp':
netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s", netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s", netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s", netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s", netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s", netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s", netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s", netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
expiry_thres_minutes => "%(CONFIG_CINDER_EXPIRY_THRES_MINUTES)s", expiry_thres_minutes => hiera('CONFIG_CINDER_EXPIRY_THRES_MINUTES'),
thres_avl_size_perc_start => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START)s", thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'),
thres_avl_size_perc_stop => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP)s", thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'),
nfs_shares_config => "%(CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG)s", nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'),
require => Package['nfs-utils'], require => Package['nfs-utils'],
} }

18
packstack/puppet/templates/cinder_netapp_cdot_iscsi.pp
View File

@@ -3,15 +3,15 @@
package { 'iscsi-initiator-utils': ensure => present } package { 'iscsi-initiator-utils': ensure => present }
cinder::backend::netapp { 'netapp': cinder::backend::netapp { 'netapp':
netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s", netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s", netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s", netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s", netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_size_multiplier => "%(CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER)s", netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'),
netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s", netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s", netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s", netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vserver => "%(CONFIG_CINDER_NETAPP_VSERVER)s", netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'),
require => Package['iscsi-initiator-utils'], require => Package['iscsi-initiator-utils'],
} }

24
packstack/puppet/templates/cinder_netapp_cdot_nfs.pp
View File

@@ -3,18 +3,18 @@
package { 'nfs-utils': ensure => present } package { 'nfs-utils': ensure => present }
cinder::backend::netapp { 'netapp': cinder::backend::netapp { 'netapp':
netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s", netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s", netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s", netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s", netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s", netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s", netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s", netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vserver => "%(CONFIG_CINDER_NETAPP_VSERVER)s", netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'),
expiry_thres_minutes => "%(CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES)s", expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'),
thres_avl_size_perc_start => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START)s", thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'),
thres_avl_size_perc_stop => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP)s", thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'),
nfs_shares_config => "%(CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG)s", nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'),
require => Package['nfs-utils'], require => Package['nfs-utils'],
} }

22
packstack/puppet/templates/cinder_netapp_eseries.pp
View File

@@ -3,17 +3,17 @@
package { 'iscsi-initiator-utils': ensure => present } package { 'iscsi-initiator-utils': ensure => present }
cinder::backend::netapp { 'netapp': cinder::backend::netapp { 'netapp':
netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s", netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s", netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s", netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s", netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s", netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s", netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s", netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_controller_ips => "%(CONFIG_CINDER_NETAPP_CONTROLLER_IPS)s", netapp_controller_ips => hiera('CONFIG_CINDER_NETAPP_CONTROLLER_IPS'),
netapp_sa_password => "%(CONFIG_CINDER_NETAPP_SA_PASSWORD)s", netapp_sa_password => hiera('CONFIG_CINDER_NETAPP_SA_PASSWORD'),
netapp_storage_pools => "%(CONFIG_CINDER_NETAPP_STORAGE_POOLS)s", netapp_storage_pools => hiera('CONFIG_CINDER_NETAPP_STORAGE_POOLS'),
netapp_webservice_path => "%(CONFIG_CINDER_NETAPP_WEBSERVICE_PATH)s", netapp_webservice_path => hiera('CONFIG_CINDER_NETAPP_WEBSERVICE_PATH'),
require => Package['iscsi-initiator-utils'], require => Package['iscsi-initiator-utils'],
} }

2
packstack/puppet/templates/cinder_nfs.pp
View File

@@ -1,7 +1,7 @@
package { 'nfs-utils': ensure => present } package { 'nfs-utils': ensure => present }
cinder::backend::nfs { 'nfs': cinder::backend::nfs { 'nfs':
nfs_servers => [%(CONFIG_CINDER_NFS_MOUNTS)s], nfs_servers => hiera_array('CONFIG_CINDER_NFS_MOUNTS'),
require => Package['nfs-utils'], require => Package['nfs-utils'],
nfs_shares_config => '/etc/cinder/nfs_shares.conf', nfs_shares_config => '/etc/cinder/nfs_shares.conf',
} }

22
packstack/puppet/templates/cinder_qpid.pp
View File

@@ -1,13 +1,15 @@
$cinder_qpid_cfg_cinder_db_pw = hiera('CONFIG_CINDER_DB_PW')
$cinder_qpid_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class {'cinder': class {'cinder':
rpc_backend => 'cinder.openstack.common.rpc.impl_qpid', rpc_backend => 'cinder.openstack.common.rpc.impl_qpid',
qpid_hostname => "%(CONFIG_AMQP_HOST)s", qpid_hostname => hiera('CONFIG_AMQP_HOST'),
qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s', qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'),
qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', qpid_username => hiera('CONFIG_AMQP_AUTH_USER'),
qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
sql_connection => "mysql://cinder:%(CONFIG_CINDER_DB_PW)s@%(CONFIG_MARIADB_HOST)s/cinder", sql_connection => "mysql://cinder:${cinder_qpid_cfg_cinder_db_pw}@${cinder_qpid_cfg_mariadb_host}/cinder",
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
mysql_module => '2.2', mysql_module => '2.2',
} }

18
packstack/puppet/templates/cinder_rabbitmq.pp
View File

@@ -1,11 +1,13 @@
$cinder_rab_cfg_cinder_db_pw = hiera('CONFIG_CINDER_DB_PW')
$cinder_rab_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class {'cinder': class {'cinder':
rabbit_host => "%(CONFIG_AMQP_HOST)s", rabbit_host => hiera('CONFIG_AMQP_HOST'),
rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s', rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
sql_connection => "mysql://cinder:%(CONFIG_CINDER_DB_PW)s@%(CONFIG_MARIADB_HOST)s/cinder", sql_connection => "mysql://cinder:${cinder_rab_cfg_cinder_db_pw}@${cinder_rab_cfg_mariadb_host}/cinder",
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
mysql_module => '2.2', mysql_module => '2.2',
} }

6
packstack/puppet/templates/cinder_vmdk.pp
View File

@@ -1,7 +1,7 @@
cinder::backend::vmdk { 'vmdk': cinder::backend::vmdk { 'vmdk':
host_ip => "%(CONFIG_VCENTER_HOST)s", host_ip => hiera('CONFIG_VCENTER_HOST'),
host_username => "%(CONFIG_VCENTER_USER)s", host_username => hiera('CONFIG_VCENTER_USER'),
host_password => "%(CONFIG_VCENTER_PASSWORD)s", host_password => hiera('CONFIG_VCENTER_PASSWORD'),
} }
cinder::type { 'vmdk': cinder::type { 'vmdk':

11
packstack/puppet/templates/firewall.pp
View File

@@ -1,11 +0,0 @@
# Create firewall rules to allow only the FIREWALL_ALLOWED
# hosts that need to connect via FIREWALL_PORTS
# using FIREWALL_CHAIN
packstack::firewall {'%(FIREWALL_SERVICE_ID)s':
host => %(FIREWALL_ALLOWED)s,
service_name => '%(FIREWALL_SERVICE_NAME)s',
chain => '%(FIREWALL_CHAIN)s',
ports => %(FIREWALL_PORTS)s,
proto => '%(FIREWALL_PROTOCOL)s',
}

41
packstack/puppet/templates/glance.pp
View File

@@ -1,23 +1,26 @@
$glance_ks_pw = hiera('CONFIG_GLANCE_DB_PW')
$glance_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class {"glance::api": class { 'glance::api':
auth_host => "%(CONFIG_CONTROLLER_HOST)s", auth_host => hiera('CONFIG_CONTROLLER_HOST'),
keystone_tenant => "services", keystone_tenant => 'services',
keystone_user => "glance", keystone_user => 'glance',
keystone_password => "%(CONFIG_GLANCE_KS_PW)s", keystone_password => hiera('CONFIG_GLANCE_KS_PW'),
pipeline => 'keystone', pipeline => 'keystone',
sql_connection => "mysql://glance:%(CONFIG_GLANCE_DB_PW)s@%(CONFIG_MARIADB_HOST)s/glance", sql_connection => "mysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance",
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
mysql_module => '2.2', mysql_module => '2.2',
} }
class {"glance::registry": class { 'glance::registry':
auth_host => "%(CONFIG_CONTROLLER_HOST)s", auth_host => hiera('CONFIG_CONTROLLER_HOST'),
keystone_tenant => "services", keystone_tenant => 'services',
keystone_user => "glance", keystone_user => 'glance',
keystone_password => "%(CONFIG_GLANCE_KS_PW)s", keystone_password => hiera('CONFIG_GLANCE_KS_PW'),
sql_connection => "mysql://glance:%(CONFIG_GLANCE_DB_PW)s@%(CONFIG_MARIADB_HOST)s/glance", sql_connection => "mysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance",
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
mysql_module => '2.2', mysql_module => '2.2',
} }

10
packstack/puppet/templates/glance_ceilometer_qpid.pp
View File

@@ -1,8 +1,8 @@
class { 'glance::notify::qpid': class { 'glance::notify::qpid':
qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', qpid_username => hiera('CONFIG_AMQP_AUTH_USER'),
qpid_hostname => '%(CONFIG_AMQP_HOST)s', qpid_hostname => hiera('CONFIG_AMQP_HOST'),
qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s' qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'),
} }

10
packstack/puppet/templates/glance_ceilometer_rabbitmq.pp
View File

@@ -1,9 +1,9 @@
class { 'glance::notify::rabbitmq': class { 'glance::notify::rabbitmq':
rabbit_host => '%(CONFIG_AMQP_HOST)s', rabbit_host => hiera('CONFIG_AMQP_HOST'),
rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_use_ssl => %(CONFIG_AMQP_ENABLE_SSL)s, rabbit_use_ssl => hiera('CONFIG_AMQP_ENABLE_SSL'),
rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s', rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
} }

2
packstack/puppet/templates/glance_file.pp
View File

@@ -1,5 +1,5 @@
# TO-DO: Make this configurable # TO-DO: Make this configurable
class { 'glance::backend::file': class { 'glance::backend::file':
filesystem_store_datadir => '/var/lib/glance/images/' filesystem_store_datadir => '/var/lib/glance/images/',
} }

7
packstack/puppet/templates/glance_swift.pp
View File

@@ -1,10 +1,11 @@
$gla_bd_ct_h = hiera('CONFIG_CONTROLLER_HOST')
class { 'glance::backend::swift': class { 'glance::backend::swift':
swift_store_user => 'services:glance', swift_store_user => 'services:glance',
swift_store_key => '%(CONFIG_GLANCE_KS_PW)s', swift_store_key => hiera('CONFIG_GLANCE_KS_PW'),
swift_store_auth_address => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0/', swift_store_auth_address => "http://${gla_bd_ct_h}:35357/v2.0/",
swift_store_container => 'glance', swift_store_container => 'glance',
swift_store_auth_version => '2', swift_store_auth_version => '2',
swift_store_large_object_size => '5120', swift_store_large_object_size => '5120',
swift_store_create_container_on_put => true swift_store_create_container_on_put => true,
} }

2
packstack/puppet/templates/global.pp
View File

@@ -1 +1 @@
Exec { timeout => %(DEFAULT_EXEC_TIMEOUT)s } Exec { timeout => hiera('DEFAULT_EXEC_TIMEOUT') }

23
packstack/puppet/templates/heat.pp
View File

@@ -1,21 +1,22 @@
class { 'heat::api': class { 'heat::api': }
}
$heat_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
class { 'heat::engine': class { 'heat::engine':
heat_metadata_server_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8000', heat_metadata_server_url => "http://${heat_cfg_ctrl_host}:8000",
heat_waitcondition_server_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8000/v1/waitcondition', heat_waitcondition_server_url => "http://${heat_cfg_ctrl_host}:8000/v1/waitcondition",
heat_watch_server_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8003', heat_watch_server_url => "http://${heat_cfg_ctrl_host}:8003",
auth_encryption_key => '%(CONFIG_HEAT_AUTH_ENC_KEY)s', auth_encryption_key => hiera('CONFIG_HEAT_AUTH_ENC_KEY'),
} }
class { 'heat::keystone::domain': class { 'heat::keystone::domain':
auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', auth_url => "http://${heat_cfg_ctrl_host}:35357/v2.0",
keystone_admin => 'admin', keystone_admin => 'admin',
keystone_password => '%(CONFIG_KEYSTONE_ADMIN_PW)s', keystone_password => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
keystone_tenant => 'admin', keystone_tenant => 'admin',
domain_name => '%(CONFIG_HEAT_DOMAIN)s', domain_name => hiera('CONFIG_HEAT_DOMAIN'),
domain_admin => '%(CONFIG_HEAT_DOMAIN_ADMIN)s', domain_admin => hiera('CONFIG_HEAT_DOMAIN_ADMIN'),
domain_password => '%(CONFIG_HEAT_DOMAIN_PASSWORD)s', domain_password => hiera('CONFIG_HEAT_DOMAIN_PASSWORD'),
} }

13
packstack/puppet/templates/heat_cfn.pp
View File

@@ -1,11 +1,12 @@
class { 'heat::api_cfn': class { 'heat::api_cfn': }
}
$heat_cfn_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
class { 'heat::keystone::auth_cfn': class { 'heat::keystone::auth_cfn':
admin_address => '%(CONFIG_CONTROLLER_HOST)s', admin_address => $heat_cfn_cfg_ctrl_host,
public_address => '%(CONFIG_CONTROLLER_HOST)s', public_address => $heat_cfn_cfg_ctrl_host,
internal_address => '%(CONFIG_CONTROLLER_HOST)s', internal_address => $heat_cfn_cfg_ctrl_host,
password => '%(CONFIG_HEAT_KS_PW)s' password => hiera('CONFIG_HEAT_KS_PW'),
} }

3
packstack/puppet/templates/heat_cloudwatch.pp
View File

@@ -1,4 +1,3 @@
class { 'heat::api_cloudwatch': class { 'heat::api_cloudwatch': }
}

30
packstack/puppet/templates/heat_qpid.pp
View File

@@ -1,15 +1,19 @@
$heat_qpid_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
$heat_qpid_cfg_heat_db_pw = hiera('CONFIG_HEAT_DB_PW')
$heat_qpid_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class { 'heat': class { 'heat':
keystone_host => '%(CONFIG_CONTROLLER_HOST)s', keystone_host => $heat_cfn_cfg_ctrl_host,
keystone_password => '%(CONFIG_HEAT_KS_PW)s', keystone_password => hiera('CONFIG_HEAT_KS_PW'),
auth_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', auth_uri => "http://${heat_qpid_cfg_ctrl_host}:35357/v2.0",
keystone_ec2_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', keystone_ec2_uri => "http://${heat_qpid_cfg_ctrl_host}:35357/v2.0",
rpc_backend => 'heat.openstack.common.rpc.impl_qpid', rpc_backend => 'heat.openstack.common.rpc.impl_qpid',
qpid_hostname => '%(CONFIG_AMQP_HOST)s', qpid_hostname => hiera('CONFIG_AMQP_HOST'),
qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', qpid_username => hiera('CONFIG_AMQP_AUTH_USER'),
qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s', qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'),
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
sql_connection => "mysql://heat:%(CONFIG_HEAT_DB_PW)s@%(CONFIG_MARIADB_HOST)s/heat", sql_connection => "mysql://heat:${heat_qpid_cfg_heat_db_pw}@${heat_qpid_cfg_mariadb_host}/heat",
} }

26
packstack/puppet/templates/heat_rabbitmq.pp
View File

@@ -1,13 +1,17 @@
$heat_rabbitmq_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
$heat_rabbitmq_cfg_heat_db_pw = hiera('CONFIG_HEAT_DB_PW')
$heat_rabbitmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class { 'heat': class { 'heat':
keystone_host => '%(CONFIG_CONTROLLER_HOST)s', keystone_host => $heat_rabbitmq_cfg_ctrl_host,
keystone_password => '%(CONFIG_HEAT_KS_PW)s', keystone_password => hiera('CONFIG_HEAT_KS_PW'),
auth_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', auth_uri => "http://${heat_rabbitmq_cfg_ctrl_host}:35357/v2.0",
keystone_ec2_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', keystone_ec2_uri => "http://${heat_rabbitmq_cfg_ctrl_host}:35357/v2.0",
rpc_backend => 'heat.openstack.common.rpc.impl_kombu', rpc_backend => 'heat.openstack.common.rpc.impl_kombu',
rabbit_host => '%(CONFIG_AMQP_HOST)s', rabbit_host => hiera('CONFIG_AMQP_HOST'),
rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s', rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
sql_connection => "mysql://heat:%(CONFIG_HEAT_DB_PW)s@%(CONFIG_MARIADB_HOST)s/heat", sql_connection => "mysql://heat:${heat_rabbitmq_cfg_heat_db_pw}@${heat_rabbitmq_cfg_mariadb_host}/heat",
} }

1
packstack/puppet/templates/heat_trusts.pp
View File

@@ -8,3 +8,4 @@ keystone_user_role { 'admin@admin':
ensure => present, ensure => present,
roles => ['admin', '_member_', 'heat_stack_owner'], roles => ['admin', '_member_', 'heat_stack_owner'],
} }

73
packstack/puppet/templates/horizon.pp
View File

@@ -1,40 +1,47 @@
include packstack::apache_common include packstack::apache_common
$horizon_packages = ["python-memcached", "python-netaddr"] $horizon_packages = ['python-memcached', 'python-netaddr']
package {$horizon_packages: package { $horizon_packages:
notify => Class["horizon"], ensure => present,
ensure => present, notify => Class['horizon'],
}
$is_django_debug = hiera('CONFIG_DEBUG_MODE') ? {
true => 'True',
false => 'False',
} }
class {'horizon': class {'horizon':
secret_key => '%(CONFIG_HORIZON_SECRET_KEY)s', secret_key => hiera('CONFIG_HORIZON_SECRET_KEY'),
keystone_host => '%(CONFIG_CONTROLLER_HOST)s', keystone_host => hiera('CONFIG_CONTROLLER_HOST'),
keystone_default_role => '_member_', keystone_default_role => '_member_',
#fqdn => ['%(CONFIG_CONTROLLER_HOST)s', "$::fqdn", 'localhost'], # fqdn => [hiera('CONFIG_CONTROLLER_HOST'), "$::fqdn", 'localhost'],
# TO-DO: Parameter fqdn is used both for ALLOWED_HOSTS in settings_local.py # TO-DO: Parameter fqdn is used both for ALLOWED_HOSTS in settings_local.py
# and for ServerAlias directives in vhost.conf which is breaking server # and for ServerAlias directives in vhost.conf which is breaking server
# accessibility. We need ALLOWED_HOSTS values, but we have to avoid # accessibility. We need ALLOWED_HOSTS values, but we have to avoid
# ServerAlias definitions. For now we will use this wildcard hack until # ServerAlias definitions. For now we will use this wildcard hack until
# puppet-horizon will have separate parameter for each config. # puppet-horizon will have separate parameter for each config.
fqdn => '*', fqdn => '*',
can_set_mount_point => 'False', can_set_mount_point => 'False',
django_debug => %(CONFIG_DEBUG_MODE)s ? {true => 'True', false => 'False'}, django_debug => $is_django_debug,
listen_ssl => %(CONFIG_HORIZON_SSL)s, listen_ssl => hiera('CONFIG_HORIZON_SSL'),
horizon_cert => '/etc/pki/tls/certs/ssl_ps_server.crt', horizon_cert => '/etc/pki/tls/certs/ssl_ps_server.crt',
horizon_key => '/etc/pki/tls/private/ssl_ps_server.key', horizon_key => '/etc/pki/tls/private/ssl_ps_server.key',
horizon_ca => '/etc/pki/tls/certs/ssl_ps_chain.crt', horizon_ca => '/etc/pki/tls/certs/ssl_ps_chain.crt',
neutron_options => { neutron_options => {
'enable_lb' => %(CONFIG_HORIZON_NEUTRON_LB)s, 'enable_lb' => hiera('CONFIG_HORIZON_NEUTRON_LB'),
'enable_firewall' => %(CONFIG_HORIZON_NEUTRON_FW)s 'enable_firewall' => hiera('CONFIG_HORIZON_NEUTRON_FW'),
}, },
} }
if %(CONFIG_HORIZON_SSL)s { $is_horizon_ssl = hiera('CONFIG_HORIZON_SSL')
if $is_horizon_ssl == true {
file {'/etc/pki/tls/certs/ps_generate_ssl_certs.ssh': file {'/etc/pki/tls/certs/ps_generate_ssl_certs.ssh':
ensure => present,
content => template('packstack/ssl/generate_ssl_certs.sh.erb'), content => template('packstack/ssl/generate_ssl_certs.sh.erb'),
ensure => present, mode => '0755',
mode => '755',
} }
exec {'/etc/pki/tls/certs/ps_generate_ssl_certs.ssh': exec {'/etc/pki/tls/certs/ps_generate_ssl_certs.ssh':
@@ -62,19 +69,19 @@ if %(CONFIG_HORIZON_SSL)s {
} }
} }
class {'memcached':} class { 'memcached': }
$firewall_port = %(CONFIG_HORIZON_PORT)s $firewall_port = hiera('CONFIG_HORIZON_PORT')
firewall { "001 horizon ${firewall_port} incoming": firewall { "001 horizon ${firewall_port} incoming":
proto => 'tcp', proto => 'tcp',
dport => [%(CONFIG_HORIZON_PORT)s], dport => [$firewall_port],
action => 'accept', action => 'accept',
} }
if ($::selinux != "false"){ if ($::selinux != false) {
selboolean{'httpd_can_network_connect': selboolean{ 'httpd_can_network_connect':
value => on, value => on,
persistent => true, persistent => true,
} }
} }

62
packstack/puppet/templates/keystone.pp
View File

@@ -1,44 +1,50 @@
$keystone_use_ssl = false $keystone_use_ssl = false
$keystone_service_name = hiera('CONFIG_KEYSTONE_SERVICE_NAME')
$keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
$keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class {"keystone": class { 'keystone':
admin_token => "%(CONFIG_KEYSTONE_ADMIN_TOKEN)s", admin_token => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'),
sql_connection => "mysql://keystone_admin:%(CONFIG_KEYSTONE_DB_PW)s@%(CONFIG_MARIADB_HOST)s/keystone", sql_connection => "mysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
token_format => "%(CONFIG_KEYSTONE_TOKEN_FORMAT)s", token_format => hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'),
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
mysql_module => '2.2', mysql_module => '2.2',
service_name => '%(CONFIG_KEYSTONE_SERVICE_NAME)s', service_name => $keystone_service_name,
enable_ssl => $keystone_use_ssl, enable_ssl => $keystone_use_ssl,
} }
if '%(CONFIG_KEYSTONE_SERVICE_NAME)s' == 'httpd' { if $keystone_service_name == 'httpd' {
include packstack::apache_common include packstack::apache_common
class {"keystone::wsgi::apache":
class { 'keystone::wsgi::apache':
ssl => $keystone_use_ssl, ssl => $keystone_use_ssl,
} }
} }
class {"keystone::roles::admin": class { 'keystone::roles::admin':
email => "root@localhost", email => 'root@localhost',
password => "%(CONFIG_KEYSTONE_ADMIN_PW)s", password => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
admin_tenant => "admin" admin_tenant => 'admin',
} }
class {"keystone::endpoint": class { 'keystone::endpoint':
region => "%(CONFIG_KEYSTONE_REGION)s", region => hiera('CONFIG_KEYSTONE_REGION'),
public_address => "%(CONFIG_CONTROLLER_HOST)s", public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => "%(CONFIG_CONTROLLER_HOST)s", admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => "%(CONFIG_CONTROLLER_HOST)s", internal_address => hiera('CONFIG_CONTROLLER_HOST'),
} }
# Run token flush every minute (without output so we won't spam admins) # Run token flush every minute (without output so we won't spam admins)
cron { 'token-flush': cron { 'token-flush':
ensure => 'present', ensure => 'present',
command => '/usr/bin/keystone-manage token_flush >/dev/null 2>&1', command => '/usr/bin/keystone-manage token_flush >/dev/null 2>&1',
minute => '*/1', minute => '*/1',
user => 'keystone', user => 'keystone',
require => [User['keystone'], Group['keystone']], require => [User['keystone'], Group['keystone']],
} -> service { 'crond': } ->
ensure => 'running', service { 'crond':
enable => true, ensure => 'running',
enable => true,
} }

10
packstack/puppet/templates/keystone_ceilometer.pp
View File

@@ -1,8 +1,8 @@
class { 'ceilometer::keystone::auth': class { 'ceilometer::keystone::auth':
region => '%(CONFIG_KEYSTONE_REGION)s', region => hiera('CONFIG_KEYSTONE_REGION'),
password => '%(CONFIG_CEILOMETER_KS_PW)s', password => hiera('CONFIG_CEILOMETER_KS_PW'),
public_address => "%(CONFIG_CONTROLLER_HOST)s", public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => "%(CONFIG_CONTROLLER_HOST)s", admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => "%(CONFIG_CONTROLLER_HOST)s", internal_address => hiera('CONFIG_CONTROLLER_HOST'),
} }

12
packstack/puppet/templates/keystone_cinder.pp
View File

@@ -1,9 +1,9 @@
class {"cinder::keystone::auth": class { 'cinder::keystone::auth':
region => "%(CONFIG_KEYSTONE_REGION)s", region => hiera('CONFIG_KEYSTONE_REGION'),
password => "%(CONFIG_CINDER_KS_PW)s", password => hiera('CONFIG_CINDER_KS_PW'),
public_address => "%(CONFIG_STORAGE_HOST)s", public_address => hiera('CONFIG_STORAGE_HOST'),
admin_address => "%(CONFIG_STORAGE_HOST)s", admin_address => hiera('CONFIG_STORAGE_HOST'),
internal_address => "%(CONFIG_STORAGE_HOST)s", internal_address => hiera('CONFIG_STORAGE_HOST'),
} }

12
packstack/puppet/templates/keystone_glance.pp
View File

@@ -1,8 +1,8 @@
class {"glance::keystone::auth": class { 'glance::keystone::auth':
region => "%(CONFIG_KEYSTONE_REGION)s", region => hiera('CONFIG_KEYSTONE_REGION'),
password => "%(CONFIG_GLANCE_KS_PW)s", password => hiera('CONFIG_GLANCE_KS_PW'),
public_address => "%(CONFIG_STORAGE_HOST)s", public_address => hiera('CONFIG_STORAGE_HOST'),
admin_address => "%(CONFIG_STORAGE_HOST)s", admin_address => hiera('CONFIG_STORAGE_HOST'),
internal_address => "%(CONFIG_STORAGE_HOST)s", internal_address => hiera('CONFIG_STORAGE_HOST'),
} }

30
packstack/puppet/templates/keystone_heat.pp
View File

@@ -1,18 +1,20 @@
# heat::keystone::auth # heat::keystone::auth
class {"heat::keystone::auth": class { 'heat::keystone::auth':
region => "%(CONFIG_KEYSTONE_REGION)s", region => hiera('CONFIG_KEYSTONE_REGION'),
password => "%(CONFIG_HEAT_KS_PW)s", password => hiera('CONFIG_HEAT_KS_PW'),
public_address => "%(CONFIG_CONTROLLER_HOST)s", public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => "%(CONFIG_CONTROLLER_HOST)s", admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => "%(CONFIG_CONTROLLER_HOST)s", internal_address => hiera('CONFIG_CONTROLLER_HOST'),
} }
if '%(CONFIG_HEAT_CFN_INSTALL)s' == 'y' { $is_heat_cfn_install = hiera('CONFIG_HEAT_CFN_INSTALL')
# heat::keystone::cfn
class {"heat::keystone::auth_cfn": if $is_heat_cfn_install == 'y' {
password => "%(CONFIG_HEAT_KS_PW)s", # heat::keystone::cfn
public_address => "%(CONFIG_CONTROLLER_HOST)s", class { "heat::keystone::auth_cfn":
admin_address => "%(CONFIG_CONTROLLER_HOST)s", password => hiera('CONFIG_HEAT_KS_PW'),
internal_address => "%(CONFIG_CONTROLLER_HOST)s", public_address => hiera('CONFIG_CONTROLLER_HOST'),
} admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => hiera('CONFIG_CONTROLLER_HOST'),
}
} }

12
packstack/puppet/templates/keystone_neutron.pp
View File

@@ -1,8 +1,8 @@
class {"neutron::keystone::auth": class { 'neutron::keystone::auth':
region => "%(CONFIG_KEYSTONE_REGION)s", region => hiera('CONFIG_KEYSTONE_REGION'),
password => "%(CONFIG_NEUTRON_KS_PW)s", password => hiera('CONFIG_NEUTRON_KS_PW'),
public_address => "%(CONFIG_CONTROLLER_HOST)s", public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => "%(CONFIG_CONTROLLER_HOST)s", admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => "%(CONFIG_CONTROLLER_HOST)s", internal_address => hiera('CONFIG_CONTROLLER_HOST'),
} }

14
packstack/puppet/templates/keystone_nova.pp
View File

@@ -1,9 +1,9 @@
class {"nova::keystone::auth": class { 'nova::keystone::auth':
region => "%(CONFIG_KEYSTONE_REGION)s", region => hiera('CONFIG_KEYSTONE_REGION'),
password => "%(CONFIG_NOVA_KS_PW)s", password => hiera('CONFIG_NOVA_KS_PW'),
public_address => "%(CONFIG_CONTROLLER_HOST)s", public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => "%(CONFIG_CONTROLLER_HOST)s", admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => "%(CONFIG_CONTROLLER_HOST)s", internal_address => hiera('CONFIG_CONTROLLER_HOST'),
cinder => true, cinder => true,
} }

6
packstack/puppet/templates/keystone_swift.pp
View File

@@ -1,5 +1,5 @@
class { 'swift::keystone::auth': class { 'swift::keystone::auth':
public_address => '%(CONFIG_CONTROLLER_HOST)s', public_address => hiera('CONFIG_CONTROLLER_HOST'),
region => '%(CONFIG_KEYSTONE_REGION)s', region => hiera('CONFIG_KEYSTONE_REGION'),
password => '%(CONFIG_SWIFT_KS_PW)s', password => hiera('CONFIG_SWIFT_KS_PW'),
} }

10
packstack/puppet/templates/mariadb_cinder_install.pp
View File

@@ -1,7 +1,7 @@
class {"cinder::db::mysql": class { 'cinder::db::mysql':
password => "%(CONFIG_CINDER_DB_PW)s", password => hiera('CONFIG_CINDER_DB_PW'),
host => "%%", host => '%%',
allowed_hosts => "%%", allowed_hosts => '%%',
charset => "utf8", charset => 'utf8',
mysql_module => '2.2', mysql_module => '2.2',
} }

38
packstack/puppet/templates/mariadb_cinder_noinstall.pp
View File

@@ -1,27 +1,29 @@
remote_database { 'cinder': remote_database { 'cinder':
ensure => 'present', ensure => 'present',
charset => 'utf8', charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
} }
$mariadb_cinder_noinstall_db_pw = hiera('CONFIG_CINDER_DB_PW')
remote_database_user { 'cinder@%%': remote_database_user { 'cinder@%%':
password_hash => mysql_password('%(CONFIG_CINDER_DB_PW)s'), password_hash => mysql_password($mariadb_cinder_noinstall_db_pw),
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database['cinder'], require => Remote_database['cinder'],
} }
remote_database_grant { 'cinder@%%/cinder': remote_database_grant { 'cinder@%%/cinder':
privileges => "all", privileges => 'all',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database_user['cinder@%%'], require => Remote_database_user['cinder@%%'],
} }

10
packstack/puppet/templates/mariadb_glance_install.pp
View File

@@ -1,7 +1,7 @@
class {"glance::db::mysql": class { 'glance::db::mysql':
password => "%(CONFIG_GLANCE_DB_PW)s", password => hiera('CONFIG_GLANCE_DB_PW'),
host => "%%", host => '%%',
allowed_hosts => "%%", allowed_hosts => '%%',
charset => "utf8", charset => 'utf8',
mysql_module => '2.2', mysql_module => '2.2',
} }

38
packstack/puppet/templates/mariadb_glance_noinstall.pp
View File

@@ -1,27 +1,29 @@
remote_database { 'glance': remote_database { 'glance':
ensure => 'present', ensure => 'present',
charset => 'utf8', charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
} }
$mariadb_glance_noinstall_db_pw = hiera('CONFIG_GLANCE_DB_PW')
remote_database_user { 'glance@%%': remote_database_user { 'glance@%%':
password_hash => mysql_password('%(CONFIG_GLANCE_DB_PW)s' ), password_hash => mysql_password($mariadb_glance_noinstall_db_pw),
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database['glance'], require => Remote_database['glance'],
} }
remote_database_grant { 'glance@%%/glance': remote_database_grant { 'glance@%%/glance':
privileges => "all", privileges => 'all',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database_user['glance@%%'], require => Remote_database_user['glance@%%'],
} }

10
packstack/puppet/templates/mariadb_heat_install.pp
View File

@@ -1,7 +1,7 @@
class {"heat::db::mysql": class { 'heat::db::mysql':
password => "%(CONFIG_HEAT_DB_PW)s", password => hiera('CONFIG_HEAT_DB_PW'),
host => "%%", host => '%%',
allowed_hosts => "%%", allowed_hosts => '%%',
charset => "utf8", charset => 'utf8',
mysql_module => '2.2', mysql_module => '2.2',
} }

38
packstack/puppet/templates/mariadb_heat_noinstall.pp
View File

@@ -1,27 +1,29 @@
remote_database { 'heat': remote_database { 'heat':
ensure => 'present', ensure => 'present',
charset => 'utf8', charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
} }
$mariadb_heat_noinstall_db_pw = hiera('CONFIG_HEAT_DB_PW')
remote_database_user { 'heat@%%': remote_database_user { 'heat@%%':
password_hash => mysql_password('%(CONFIG_HEAT_DB_PW)s'), password_hash => mysql_password($mariadb_heat_noinstall_db_pw),
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database['heat'], require => Remote_database['heat'],
} }
remote_database_grant { 'heat@%%/heat': remote_database_grant { 'heat@%%/heat':
privileges => "all", privileges => 'all',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database_user['heat@%%'], require => Remote_database_user['heat@%%'],
} }

49
packstack/puppet/templates/mariadb_install.pp
View File

@@ -1,36 +1,41 @@
# Package mariadb-server conflicts with mariadb-galera-server # Package mariadb-server conflicts with mariadb-galera-server
package {"mariadb-server": package { 'mariadb-server':
ensure => absent, ensure => absent,
} }
class {"mysql::server": class { 'mysql::server':
package_name => "mariadb-galera-server", package_name => 'mariadb-galera-server',
restart => true, restart => true,
root_password => "%(CONFIG_MARIADB_PW)s", root_password => hiera('CONFIG_MARIADB_PW'),
require => Package['mariadb-server'], require => Package['mariadb-server'],
override_options => { override_options => {
'mysqld' => { bind_address => "0.0.0.0", 'mysqld' => { bind_address => '0.0.0.0',
default_storage_engine => "InnoDB", default_storage_engine => 'InnoDB',
max_connections => "1024", max_connections => '1024',
open_files_limit => '-1', open_files_limit => '-1',
}
} }
}
} }
# deleting database users for security # deleting database users for security
# this is done in mysql::server::account_security but has problems # this is done in mysql::server::account_security but has problems
# when there is no fqdn, so we're defining a slightly different one here # when there is no fqdn, so we're defining a slightly different one here
database_user { [ 'root@127.0.0.1', 'root@::1', '@localhost', '@%%' ]: database_user { [ 'root@127.0.0.1', 'root@::1', '@localhost', '@%%' ]:
ensure => 'absent', require => Class['mysql::server'], ensure => 'absent',
require => Class['mysql::server'],
} }
if ($::fqdn != "" and $::fqdn != "localhost") {
database_user { [ "root@${::fqdn}", "@${::fqdn}"]: if ($::fqdn != '' and $::fqdn != 'localhost') {
ensure => 'absent', require => Class['mysql::server'], database_user { [ "root@${::fqdn}", "@${::fqdn}"]:
} ensure => 'absent',
require => Class['mysql::server'],
}
} }
if ($::fqdn != $::hostname and $::hostname != "localhost") { if ($::fqdn != $::hostname and $::hostname != 'localhost') {
database_user { ["root@${::hostname}", "@${::hostname}"]: database_user { ["root@${::hostname}", "@${::hostname}"]:
ensure => 'absent', require => Class['mysql::server'], ensure => 'absent',
} require => Class['mysql::server'],
}
} }

12
packstack/puppet/templates/mariadb_keystone_install.pp
View File

@@ -1,7 +1,7 @@
class {"keystone::db::mysql": class { 'keystone::db::mysql':
user => 'keystone_admin', user => 'keystone_admin',
password => "%(CONFIG_KEYSTONE_DB_PW)s", password => hiera('CONFIG_KEYSTONE_DB_PW'),
allowed_hosts => "%%", allowed_hosts => '%%',
charset => "utf8", charset => 'utf8',
mysql_module => '2.2', mysql_module => '2.2',
} }

38
packstack/puppet/templates/mariadb_keystone_noinstall.pp
View File

@@ -1,27 +1,29 @@
remote_database { 'keystone': remote_database { 'keystone':
ensure => 'present', ensure => 'present',
charset => 'utf8', charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
} }
$mariadb_keystone_noinstall_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
remote_database_user { 'keystone_admin@%%': remote_database_user { 'keystone_admin@%%':
password_hash => mysql_password('%(CONFIG_KEYSTONE_DB_PW)s' ), password_hash => mysql_password($mariadb_keystone_noinstall_db_pw),
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database['keystone'], require => Remote_database['keystone'],
} }
remote_database_grant { 'keystone_admin@%%/keystone': remote_database_grant { 'keystone_admin@%%/keystone':
privileges => "all", privileges => 'all',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database_user['keystone_admin@%%'], require => Remote_database_user['keystone_admin@%%'],
} }

12
packstack/puppet/templates/mariadb_neutron_install.pp
View File

@@ -1,8 +1,8 @@
class {"neutron::db::mysql": class { 'neutron::db::mysql':
password => "%(CONFIG_NEUTRON_DB_PW)s", password => hiera('CONFIG_NEUTRON_DB_PW'),
host => "%%", host => '%%',
allowed_hosts => "%%", allowed_hosts => '%%',
dbname => '%(CONFIG_NEUTRON_L2_DBNAME)s', dbname => hiera('CONFIG_NEUTRON_L2_DBNAME'),
charset => "utf8", charset => 'utf8',
mysql_module => '2.2', mysql_module => '2.2',
} }

43
packstack/puppet/templates/mariadb_neutron_noinstall.pp
View File

@@ -1,27 +1,30 @@
remote_database { '%(CONFIG_NEUTRON_L2_DBNAME)s': $mariadb_neutron_noinstall_db_pw = hiera('CONFIG_NEUTRON_DB_PW')
ensure => 'present', $mariadb_neutron_noinstall_l2_dbname = hiera('CONFIG_NEUTRON_L2_DBNAME')
charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s', remote_database { $mariadb_neutron_noinstall_l2_dbname:
db_user => '%(CONFIG_MARIADB_USER)s', ensure => present,
db_password => '%(CONFIG_MARIADB_PW)s', charset => 'utf8',
provider => 'mysql', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
} }
remote_database_user { 'neutron@%%': remote_database_user { 'neutron@%%':
password_hash => mysql_password('%(CONFIG_NEUTRON_DB_PW)s' ), password_hash => mysql_password($mariadb_neutron_noinstall_db_pw),
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database['%(CONFIG_NEUTRON_L2_DBNAME)s'], require => Remote_database[$mariadb_neutron_noinstall_l2_dbname],
} }
remote_database_grant { 'neutron@%%/%(CONFIG_NEUTRON_L2_DBNAME)s': remote_database_grant { "neutron@%%/${mariadb_neutron_noinstall_l2_dbname}":
privileges => "all", privileges => 'all',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database_user['neutron@%%'], require => Remote_database_user['neutron@%%'],
} }

3
packstack/puppet/templates/mariadb_noinstall.pp
View File

@@ -1,3 +1,2 @@
class { 'remote::db': class { 'remote::db': }
}

10
packstack/puppet/templates/mariadb_nova_install.pp
View File

@@ -1,7 +1,7 @@
class {"nova::db::mysql": class { 'nova::db::mysql':
password => "%(CONFIG_NOVA_DB_PW)s", password => hiera('CONFIG_NOVA_DB_PW'),
host => "%%", host => '%%',
allowed_hosts => "%%", allowed_hosts => '%%',
charset => "utf8", charset => 'utf8',
mysql_module => '2.2', mysql_module => '2.2',
} }

38
packstack/puppet/templates/mariadb_nova_noinstall.pp
View File

@@ -1,27 +1,29 @@
remote_database { 'nova': remote_database { 'nova':
ensure => 'present', ensure => 'present',
charset => 'utf8', charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
} }
$mariadb_nova_noinstall_db_pw = hiera('CONFIG_NOVA_DB_PW')
remote_database_user { 'nova@%%': remote_database_user { 'nova@%%':
password_hash => mysql_password('%(CONFIG_NOVA_DB_PW)s' ), password_hash => mysql_password($mariadb_nova_noinstall_db_pw),
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database['nova'], require => Remote_database['nova'],
} }
remote_database_grant { 'nova@%%/nova': remote_database_grant { 'nova@%%/nova':
privileges => "all", privileges => 'all',
db_host => '%(CONFIG_MARIADB_HOST)s', db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => '%(CONFIG_MARIADB_USER)s', db_user => hiera('CONFIG_MARIADB_USER'),
db_password => '%(CONFIG_MARIADB_PW)s', db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql', provider => 'mysql',
require => Remote_database_user['nova@%%'], require => Remote_database_user['nova@%%'],
} }

7
packstack/puppet/templates/mongodb.pp
View File

@@ -1,4 +1,7 @@
$mongodb_host = hiera('CONFIG_MONGODB_HOST')
class { 'mongodb::server': class { 'mongodb::server':
smallfiles => true, smallfiles => true,
bind_ip => ['%(CONFIG_MONGODB_HOST)s'], bind_ip => [$mongodb_host],
} }

67
packstack/puppet/templates/nagios_nrpe.pp
View File

@@ -1,43 +1,48 @@
package{'nrpe': package{ 'nrpe':
ensure => present, ensure => present,
before => Class['nagios_configs'] before => Class['nagios_configs'],
} }
file{'/etc/nagios/nrpe.cfg': file{ '/etc/nagios/nrpe.cfg':
ensure => 'present', ensure => 'present',
mode => '0644', mode => '0644',
owner => 'nagios', owner => 'nagios',
group => 'nagios', group => 'nagios',
require => Package['nrpe'], require => Package['nrpe'],
} }
class nagios_configs(){ class nagios_configs () {
file_line{'allowed_hosts': $nagios_configs_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
path => '/etc/nagios/nrpe.cfg',
match => 'allowed_hosts=',
line => 'allowed_hosts=%(CONFIG_CONTROLLER_HOST)s',
}
# 5 minute load average file_line{'allowed_hosts':
file_line{'load5': path => '/etc/nagios/nrpe.cfg',
path => '/etc/nagios/nrpe.cfg', match => 'allowed_hosts=',
match => 'command\[load5\]=', line => "allowed_hosts=${nagios_configs_cfg_ctrl_host}",
line => 'command[load5]=cut /proc/loadavg -f 1 -d " "', }
}
# disk used on /var # 5 minute load average
file_line{'df_var': file_line{'load5':
path => '/etc/nagios/nrpe.cfg', path => '/etc/nagios/nrpe.cfg',
match => "command\[df_var\]=", match => 'command\[load5\]=',
line => "command[df_var]=df /var/ | sed -re 's/.* ([0-9]+)%%.*/\\1/' | grep -E '^[0-9]'", line => 'command[load5]=cut /proc/loadavg -f 1 -d " "',
} }
# disk used on /var
file_line{'df_var':
path => '/etc/nagios/nrpe.cfg',
match => "command\[df_var\]=",
line => "command[df_var]=df /var/ | sed -re 's/.* ([0-9]+)%%.*/\\1/' | grep -E '^[0-9]'",
}
} }
class{'nagios_configs': class{'nagios_configs':
notify => Service['nrpe'], notify => Service['nrpe'],
} }
service{'nrpe': service{'nrpe':
ensure => running, ensure => running,
enable => true, enable => true,
hasstatus => true, hasstatus => true,
} }

126
packstack/puppet/templates/nagios_server.pp
View File

@@ -1,81 +1,99 @@
include packstack::apache_common include packstack::apache_common
package{['nagios', 'nagios-plugins-nrpe']: package { ['nagios', 'nagios-plugins-nrpe']:
ensure => present, ensure => present,
before => Class['nagios_configs'] before => Class['nagios_configs'],
} }
# We need to preferably install nagios-plugins-ping # We need to preferably install nagios-plugins-ping
exec { 'nagios-plugins-ping': exec { 'nagios-plugins-ping':
path => '/usr/bin', path => '/usr/bin',
command => 'yum install -y -d 0 -e 0 monitoring-plugins-ping', command => 'yum install -y -d 0 -e 0 monitoring-plugins-ping',
onlyif => 'yum install -y -d 0 -e 0 nagios-plugins-ping &> /dev/null && exit 1 || exit 0', onlyif => 'yum install -y -d 0 -e 0 nagios-plugins-ping &> /dev/null && exit 1 || exit 0',
before => Class['nagios_configs'] before => Class['nagios_configs']
} }
class nagios_configs(){ class nagios_configs(){
file{['/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_host.cfg']: file { ['/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_host.cfg']:
ensure => 'present', ensure => 'present',
mode => '0644', mode => '0644',
owner => 'nagios', owner => 'nagios',
group => 'nagios', group => 'nagios',
} }
# Remove the entry for localhost, it contains services we're not # Remove the entry for localhost, it contains services we're not
# monitoring # monitoring
file{['/etc/nagios/objects/localhost.cfg']: file { ['/etc/nagios/objects/localhost.cfg']:
ensure => 'present', ensure => 'present',
content => '', content => '',
} }
file_line{'nagios_host': file_line { 'nagios_host':
path => '/etc/nagios/nagios.cfg', path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_host.cfg', line => 'cfg_file=/etc/nagios/nagios_host.cfg',
} }
file_line{'nagios_command': file_line { 'nagios_command':
path => '/etc/nagios/nagios.cfg', path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_command.cfg', line => 'cfg_file=/etc/nagios/nagios_command.cfg',
} }
file_line{'nagios_service': file_line { 'nagios_service':
path => '/etc/nagios/nagios.cfg', path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_service.cfg', line => 'cfg_file=/etc/nagios/nagios_service.cfg',
} }
nagios_command{'check_nrpe': nagios_command { 'check_nrpe':
command_line => '/usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$', command_line => '/usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$',
} }
exec{'nagiospasswd': $cfg_nagios_pw = hiera('CONFIG_NAGIOS_PW')
command => '/usr/bin/htpasswd -b /etc/nagios/passwd nagiosadmin %(CONFIG_NAGIOS_PW)s',
}
file {"/etc/nagios/keystonerc_admin": exec { 'nagiospasswd':
ensure => "present", owner => "nagios", mode => '0600', command => "/usr/bin/htpasswd -b /etc/nagios/passwd nagiosadmin ${cfg_nagios_pw}",
content => "export OS_USERNAME=admin }
$nagios_cfg_ks_adm_pw = hiera('CONFIG_KEYSTONE_ADMIN_PW')
$nagios_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
file { '/etc/nagios/keystonerc_admin':
ensure => 'present',
owner => 'nagios',
mode => '0600',
content => "export OS_USERNAME=admin
export OS_TENANT_NAME=admin export OS_TENANT_NAME=admin
export OS_PASSWORD=%(CONFIG_KEYSTONE_ADMIN_PW)s export OS_PASSWORD=${nagios_cfg_ks_adm_pw}
export OS_AUTH_URL=http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0/ ",} export OS_AUTH_URL=http://${nagios_cfg_ctrl_host}:35357/v2.0/ ",
}
%(CONFIG_NAGIOS_MANIFEST_CONFIG)s %(CONFIG_NAGIOS_MANIFEST_CONFIG)s
} }
class{'nagios_configs': class { 'nagios_configs':
notify => [Service['nagios'], Service['httpd']], notify => [Service['nagios'], Service['httpd']],
} }
include ::apache include concat::setup
class {'apache::mod::php': }
service{['nagios']: class { 'apache':
ensure => running, purge_configs => false,
enable => true, }
hasstatus => true,
class { 'apache::mod::php': }
service { ['nagios']:
ensure => running,
enable => true,
hasstatus => true,
} }
firewall { '001 nagios incoming': firewall { '001 nagios incoming':
proto => 'tcp', proto => 'tcp',
dport => ['80'], dport => ['80'],
action => 'accept', action => 'accept',
}
# ensure that we won't stop listening on 443 if horizon has ssl enabled
if hiera('CONFIG_HORIZON_SSL') {
apache::listen { '443': }
} }

13
packstack/puppet/templates/neutron.pp
View File

@@ -1,9 +1,8 @@
$neutron_db_host = '%(CONFIG_MARIADB_HOST)s' $neutron_db_host = hiera('CONFIG_MARIADB_HOST')
$neutron_db_name = '%(CONFIG_NEUTRON_L2_DBNAME)s' $neutron_db_name = hiera('CONFIG_NEUTRON_L2_DBNAME')
$neutron_db_user = 'neutron' $neutron_db_user = 'neutron'
$neutron_db_password = '%(CONFIG_NEUTRON_DB_PW)s' $neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW')
$neutron_sql_connection = "mysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}" $neutron_sql_connection = "mysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}"
$neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW')
$neutron_user_password = '%(CONFIG_NEUTRON_KS_PW)s'

21
packstack/puppet/templates/neutron_api.pp
View File

@@ -1,17 +1,18 @@
class { 'neutron::server': class { 'neutron::server':
sql_connection => $neutron_sql_connection, sql_connection => $neutron_sql_connection,
connection => $neutron_sql_connection, connection => $neutron_sql_connection,
auth_password => $neutron_user_password, auth_password => $neutron_user_password,
auth_host => '%(CONFIG_CONTROLLER_HOST)s', auth_host => hiera('CONFIG_CONTROLLER_HOST'),
enabled => true, enabled => true,
mysql_module => '2.2', mysql_module => '2.2',
} }
exec { 'neutron-db-manage upgrade': exec { 'neutron-db-manage upgrade':
command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head', command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head',
path => '/usr/bin', path => '/usr/bin',
user => 'neutron', user => 'neutron',
logoutput => 'on_failure', logoutput => 'on_failure',
before => Service['neutron-server'], before => Service['neutron-server'],
require => [Neutron_config['database/connection'], Neutron_config['DEFAULT/core_plugin']], require => [Neutron_config['database/connection'], Neutron_config['DEFAULT/core_plugin']],
} }

5
packstack/puppet/templates/neutron_dhcp.pp
View File

@@ -1,4 +1,5 @@
class { 'neutron::agents::dhcp': class { 'neutron::agents::dhcp':
interface_driver => '%(CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER)s', interface_driver => hiera('CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'),
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
} }

8
packstack/puppet/templates/neutron_l3.pp
View File

@@ -1,9 +1,9 @@
class { 'neutron::agents::l3': class { 'neutron::agents::l3':
interface_driver => '%(CONFIG_NEUTRON_L3_INTERFACE_DRIVER)s', interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'),
external_network_bridge => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s', external_network_bridge => hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE'),
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
} }
sysctl::value { 'net.ipv4.ip_forward': sysctl::value { 'net.ipv4.ip_forward':
value => '1' value => '1',
} }

2
packstack/puppet/templates/neutron_lb_agent.pp
View File

@@ -1,3 +1,3 @@
class {'neutron::agents::linuxbridge': class {'neutron::agents::linuxbridge':
physical_interface_mappings => '%(CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS)s', physical_interface_mappings => hiera('CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS'),
} }

4
packstack/puppet/templates/neutron_lb_plugin.pp
View File

@@ -1,4 +1,4 @@
class { 'neutron::plugins::linuxbridge': class { 'neutron::plugins::linuxbridge':
tenant_network_type => '%(CONFIG_NEUTRON_LB_TENANT_NETWORK_TYPE)s', tenant_network_type => hiera('CONFIG_NEUTRON_LB_TENANT_NETWORK_TYPE'),
network_vlan_ranges => '%(CONFIG_NEUTRON_LB_VLAN_RANGES)s', network_vlan_ranges => hiera('CONFIG_NEUTRON_LB_VLAN_RANGES'),
} }

4
packstack/puppet/templates/neutron_lbaas.pp
View File

@@ -1,6 +1,6 @@
class { 'neutron::agents::lbaas': class { 'neutron::agents::lbaas':
interface_driver => '%(CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER)s', interface_driver => hiera('CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'),
device_driver => 'neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver', device_driver => 'neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver',
user_group => 'haproxy', user_group => 'haproxy',
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
} }

16
packstack/puppet/templates/neutron_metadata.pp
View File

@@ -1,8 +1,10 @@
class {'neutron::agents::metadata': $neutron_metadata_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
auth_password => '%(CONFIG_NEUTRON_KS_PW)s',
auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', class { 'neutron::agents::metadata':
auth_region => '%(CONFIG_KEYSTONE_REGION)s', auth_password => hiera('CONFIG_NEUTRON_KS_PW'),
shared_secret => '%(CONFIG_NEUTRON_METADATA_PW)s', auth_url => "http://${neutron_metadata_cfg_ctrl_host}:35357/v2.0",
metadata_ip => '%(CONFIG_CONTROLLER_HOST)s', auth_region => hiera('CONFIG_KEYSTONE_REGION'),
debug => %(CONFIG_DEBUG_MODE)s, shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW'),
metadata_ip => hiera('CONFIG_CONTROLLER_HOST'),
debug => hiera('CONFIG_DEBUG_MODE'),
} }

4
packstack/puppet/templates/neutron_metering_agent.pp
View File

@@ -1,4 +1,4 @@
class { 'neutron::agents::metering': class { 'neutron::agents::metering':
interface_driver => '%(CONFIG_NEUTRON_METERING_IFCE_DRIVER)s', interface_driver => hiera('CONFIG_NEUTRON_METERING_IFCE_DRIVER'),
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
} }

29
packstack/puppet/templates/neutron_ml2_plugin.pp
View File

@@ -1,17 +1,26 @@
if hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP') == '' {
$vxlan_group_value = undef
} else {
$vxlan_group_value = hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP')
}
class { 'neutron::plugins::ml2': class { 'neutron::plugins::ml2':
type_drivers => %(CONFIG_NEUTRON_ML2_TYPE_DRIVERS)s, type_drivers => hiera_array('CONFIG_NEUTRON_ML2_TYPE_DRIVERS'),
tenant_network_types => %(CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES)s, tenant_network_types => hiera_array('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'),
mechanism_drivers => %(CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS)s, mechanism_drivers => hiera_array('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS'),
flat_networks => %(CONFIG_NEUTRON_ML2_FLAT_NETWORKS)s, flat_networks => hiera_array('CONFIG_NEUTRON_ML2_FLAT_NETWORKS'),
network_vlan_ranges => %(CONFIG_NEUTRON_ML2_VLAN_RANGES)s, network_vlan_ranges => hiera_array('CONFIG_NEUTRON_ML2_VLAN_RANGES'),
tunnel_id_ranges => %(CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES)s, tunnel_id_ranges => hiera_array('CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES'),
vxlan_group => %(CONFIG_NEUTRON_ML2_VXLAN_GROUP)s, vxlan_group => $vxlan_group_value,
vni_ranges => %(CONFIG_NEUTRON_ML2_VNI_RANGES)s, vni_ranges => hiera_array('CONFIG_NEUTRON_ML2_VNI_RANGES'),
enable_security_group => true, enable_security_group => true,
} }
# For cases where "neutron-db-manage upgrade" command is called we need to fill config file first # For cases where "neutron-db-manage upgrade" command is called
# we need to fill config file first
if defined(Exec['neutron-db-manage upgrade']) { if defined(Exec['neutron-db-manage upgrade']) {
Neutron_plugin_ml2<||> -> File['/etc/neutron/plugin.ini'] -> Exec['neutron-db-manage upgrade'] Neutron_plugin_ml2<||> ->
File['/etc/neutron/plugin.ini'] ->
Exec['neutron-db-manage upgrade']
} }

14
packstack/puppet/templates/neutron_notifications.pp
View File

@@ -1,9 +1,11 @@
$neutron_notif_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
# Configure nova notifications system # Configure nova notifications system
class { 'neutron::server::notifications': class { 'neutron::server::notifications':
nova_admin_username => 'nova', nova_admin_username => 'nova',
nova_admin_password => '%(CONFIG_NOVA_KS_PW)s', nova_admin_password => hiera('CONFIG_NOVA_KS_PW'),
nova_admin_tenant_name => 'services', nova_admin_tenant_name => 'services',
nova_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8774/v2', nova_url => "http://${neutron_notif_cfg_ctrl_host}:8774/v2",
nova_admin_auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', nova_admin_auth_url => "http://${neutron_notif_cfg_ctrl_host}:35357/v2.0",
nova_region_name => '%(CONFIG_KEYSTONE_REGION)s', nova_region_name => hiera('CONFIG_KEYSTONE_REGION'),
} }

16
packstack/puppet/templates/neutron_ovs_agent_gre.pp
View File

@@ -1,21 +1,23 @@
if "%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s" { $ovs_agent_gre_cfg_neut_ovs_tun_if = hiera('CONFIG_NEUTRON_OVS_TUNNEL_IF')
$iface = regsubst('%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s', '[\.\-\:]', '_', 'G')
if $ovs_agent_gre_cfg_neut_ovs_tun_if != '' {
$iface = regsubst($ovs_agent_gre_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G')
$localip = inline_template("<%%= scope.lookupvar('::ipaddress_${iface}') %%>") $localip = inline_template("<%%= scope.lookupvar('::ipaddress_${iface}') %%>")
} else { } else {
$localip = '%(CONFIG_NEUTRON_OVS_HOST)s' $localip = $cfg_neutron_ovs_host
} }
if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' { if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' {
class { 'neutron::agents::ml2::ovs': class { 'neutron::agents::ml2::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
enable_tunneling => true, enable_tunneling => true,
tunnel_types => ['gre'], tunnel_types => ['gre'],
local_ip => $localip, local_ip => $localip,
l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s, l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
} }
} else { } else {
class { 'neutron::agents::ovs': class { 'neutron::agents::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
enable_tunneling => true, enable_tunneling => true,
tunnel_types => ['gre'], tunnel_types => ['gre'],
local_ip => $localip, local_ip => $localip,

8
packstack/puppet/templates/neutron_ovs_agent_local.pp
View File

@@ -1,12 +1,12 @@
if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' { if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' {
class { 'neutron::agents::ml2::ovs': class { 'neutron::agents::ml2::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s, l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
} }
} else { } else {
class { 'neutron::agents::ovs': class { 'neutron::agents::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
} }
file { 'ovs_neutron_plugin.ini': file { 'ovs_neutron_plugin.ini':

8
packstack/puppet/templates/neutron_ovs_agent_vlan.pp
View File

@@ -1,12 +1,12 @@
if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' { if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' {
class { 'neutron::agents::ml2::ovs': class { 'neutron::agents::ml2::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s, l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
} }
} else { } else {
class { 'neutron::agents::ovs': class { 'neutron::agents::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
} }
file { 'ovs_neutron_plugin.ini': file { 'ovs_neutron_plugin.ini':

19
packstack/puppet/templates/neutron_ovs_agent_vxlan.pp
View File

@@ -1,27 +1,28 @@
$ovs_agent_vxlan_cfg_neut_ovs_tun_if = hiera('CONFIG_NEUTRON_OVS_TUNNEL_IF')
if "%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s" { if $ovs_agent_vxlan_cfg_neut_ovs_tun_if != '' {
$iface = regsubst('%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s', '[\.\-\:]', '_', 'G') $iface = regsubst($ovs_agent_vxlan_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G')
$localip = inline_template("<%%= scope.lookupvar('::ipaddress_${iface}') %%>") $localip = inline_template("<%%= scope.lookupvar('::ipaddress_${iface}') %%>")
} else { } else {
$localip = '%(CONFIG_NEUTRON_OVS_HOST)s' $localip = $cfg_neutron_ovs_host
} }
if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' { if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' {
class { 'neutron::agents::ml2::ovs': class { 'neutron::agents::ml2::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
enable_tunneling => true, enable_tunneling => true,
tunnel_types => ['vxlan'], tunnel_types => ['vxlan'],
local_ip => $localip, local_ip => $localip,
vxlan_udp_port => %(CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT)s, vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'),
l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s, l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
} }
} else { } else {
class { 'neutron::agents::ovs': class { 'neutron::agents::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
enable_tunneling => true, enable_tunneling => true,
tunnel_types => ['vxlan'], tunnel_types => ['vxlan'],
local_ip => $localip, local_ip => $localip,
vxlan_udp_port => %(CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT)s, vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'),
} }
file { 'ovs_neutron_plugin.ini': file { 'ovs_neutron_plugin.ini':

10
packstack/puppet/templates/neutron_ovs_bridge.pp
View File

@@ -1,10 +1,14 @@
if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' { $ovs_bridge_cfg_neut_l2_plugin = hiera('CONFIG_NEUTRON_L2_PLUGIN')
if $ovs_bridge_cfg_neut_l2_plugin == 'ml2' {
$agent_service = 'neutron-ovs-agent-service' $agent_service = 'neutron-ovs-agent-service'
} else { } else {
$agent_service = 'neutron-plugin-ovs-service' $agent_service = 'neutron-plugin-ovs-service'
} }
vs_bridge { '%(CONFIG_NEUTRON_OVS_BRIDGE)s': $config_neutron_ovs_bridge = hiera('CONFIG_NEUTRON_OVS_BRIDGE')
vs_bridge { $config_neutron_ovs_bridge:
ensure => present, ensure => present,
require => Service["${agent_service}"] require => Service[$agent_service],
} }

6
packstack/puppet/templates/neutron_ovs_plugin_gre.pp
View File

@@ -1,5 +1,5 @@
class { 'neutron::plugins::ovs': class { 'neutron::plugins::ovs':
tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s', tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'),
network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s', network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'),
tunnel_id_ranges => '%(CONFIG_NEUTRON_OVS_TUNNEL_RANGES)s', tunnel_id_ranges => hiera('CONFIG_NEUTRON_OVS_TUNNEL_RANGES'),
} }

4
packstack/puppet/templates/neutron_ovs_plugin_local.pp
View File

@@ -1,4 +1,4 @@
class { 'neutron::plugins::ovs': class { 'neutron::plugins::ovs':
tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s', tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'),
network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s', network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'),
} }

4
packstack/puppet/templates/neutron_ovs_plugin_vlan.pp
View File

@@ -1,4 +1,4 @@
class { 'neutron::plugins::ovs': class { 'neutron::plugins::ovs':
tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s', tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'),
network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s', network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'),
} }

8
packstack/puppet/templates/neutron_ovs_plugin_vxlan.pp
View File

@@ -1,7 +1,7 @@
class { 'neutron::plugins::ovs': class { 'neutron::plugins::ovs':
tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s', tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'),
network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s', network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'),
tunnel_id_ranges => '%(CONFIG_NEUTRON_OVS_TUNNEL_RANGES)s', tunnel_id_ranges => hiera('CONFIG_NEUTRON_OVS_TUNNEL_RANGES'),
vxlan_udp_port => %(CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT)s, vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'),
} }

8
packstack/puppet/templates/neutron_ovs_port.pp
View File

@@ -1,5 +1,7 @@
vs_port { '%(CONFIG_NEUTRON_OVS_IFACE)s': $cfg_neutron_ovs_iface = hiera('CONFIG_NEUTRON_OVS_IFACE')
bridge => '%(CONFIG_NEUTRON_OVS_BRIDGE)s',
ensure => present vs_port { $cfg_neutron_ovs_iface:
ensure => present,
bridge => hiera('CONFIG_NEUTRON_OVS_BRIDGE'),
} }

16
packstack/puppet/templates/neutron_qpid.pp
View File

@@ -1,14 +1,14 @@
class { 'neutron': class { 'neutron':
rpc_backend => 'neutron.openstack.common.rpc.impl_qpid', rpc_backend => 'neutron.openstack.common.rpc.impl_qpid',
qpid_hostname => '%(CONFIG_AMQP_HOST)s', qpid_hostname => hiera('CONFIG_AMQP_HOST'),
qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', qpid_username => hiera('CONFIG_AMQP_AUTH_USER'),
qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s', qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'),
core_plugin => '%(CONFIG_NEUTRON_CORE_PLUGIN)s', core_plugin => hiera('CONFIG_NEUTRON_CORE_PLUGIN'),
allow_overlapping_ips => true, allow_overlapping_ips => true,
service_plugins => %(SERVICE_PLUGINS)s, service_plugins => hiera_array('SERVICE_PLUGINS'),
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
} }

14
packstack/puppet/templates/neutron_rabbitmq.pp
View File

@@ -1,12 +1,12 @@
class { 'neutron': class { 'neutron':
rabbit_host => '%(CONFIG_AMQP_HOST)s', rabbit_host => hiera('CONFIG_AMQP_HOST'),
rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_user => '%(CONFIG_AMQP_AUTH_USER)s', rabbit_user => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
core_plugin => '%(CONFIG_NEUTRON_CORE_PLUGIN)s', core_plugin => hiera('CONFIG_NEUTRON_CORE_PLUGIN'),
allow_overlapping_ips => true, allow_overlapping_ips => true,
service_plugins => %(SERVICE_PLUGINS)s, service_plugins => hiera_array('SERVICE_PLUGINS'),
verbose => true, verbose => true,
debug => %(CONFIG_DEBUG_MODE)s, debug => hiera('CONFIG_DEBUG_MODE'),
} }

10
packstack/puppet/templates/nova_api.pp
View File

@@ -1,10 +1,10 @@
require 'keystone::python' require 'keystone::python'
class {"nova::api": class { 'nova::api':
enabled => true, enabled => true,
auth_host => "%(CONFIG_CONTROLLER_HOST)s", auth_host => hiera('CONFIG_CONTROLLER_HOST'),
admin_password => "%(CONFIG_NOVA_KS_PW)s", admin_password => hiera('CONFIG_NOVA_KS_PW'),
neutron_metadata_proxy_shared_secret => %(CONFIG_NEUTRON_METADATA_PW_UNQUOTED)s neutron_metadata_proxy_shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW_UNQUOTED'),
} }
Package<| title == 'nova-common' |> -> Class['nova::api'] Package<| title == 'nova-common' |> -> Class['nova::api']

Some files were not shown because too many files have changed in this diff Show More