x
/
packstack
Code Issues Proposed changes

Refactor manifest execution 

Previously, Packstack created many individual manifest files from
smaller snippets (templates), and executed them following a certain
order. This is sub-optimal, since it forces code duplication and goes
against the Puppet design of running a single manifest.

This patch refactors the manifest execution, following these principles:

- Only 3 templates used, so max 3 Puppet executions on a host: controller
  manifest, network node manifest, compute node manifest.

- The previous snippets are now part of the Packstack Puppet module, and
  included as needed by the controller/network/compute manifests. This
  concept is similar to the one used by the puppet-openstack-integration
  project [1].

- The remaining Python code is left untouched, so we can keep complete
  compatibility with previous answer files.

- Redis HA support has been removed, as this was the only service with
  HA enabled and didn't fit the general purpose of Packstack.

[1] - https://github.com/openstack/puppet-openstack-integration

Change-Id: I87591be0fce98079c85c5c12ad76ea7115fb9c75
This commit is contained in:
Javier Pena 2016-06-14 17:00:14 +02:00
parent 2380a93e3b
commit 4587b9b4d3
284 changed files with 4524 additions and 4855 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
docs/packstack.rst
View File

@ -1070,32 +1070,12 @@ MONGODB Config parameters
Redis Config parameters
-----------------------
**CONFIG_REDIS_MASTER_HOST**
IP address of the server on which to install the Redis master server.
**CONFIG_REDIS_HOST**
IP address of the server on which to install the Redis server.
**CONFIG_REDIS_PORT**
Port on which the Redis server(s) listens.
Port on which the Redis server listens.
**CONFIG_REDIS_HA**
Specify 'y' to have Redis try to use HA. ['y', 'n']
**CONFIG_REDIS_SLAVE_HOSTS**
Hosts on which to install Redis slaves.
**CONFIG_REDIS_SENTINEL_HOSTS**
Hosts on which to install Redis sentinel servers.
**CONFIG_REDIS_SENTINEL_CONTACT_HOST**
Host to configure as the Redis coordination sentinel.
**CONFIG_REDIS_SENTINEL_PORT**
Port on which Redis sentinel servers listen.
**CONFIG_REDIS_SENTINEL_QUORUM**
Quorum value for Redis sentinel servers.
**CONFIG_REDIS_MASTER_NAME**
Name of the master server watched by the Redis sentinel. ['[a-z]+']
Aodh Config parameters
----------------------

15
packstack/modules/ospluginutils.py
View File

@ -33,7 +33,6 @@ class ManifestFiles(object):
def __init__(self):
self.filelist = []
self.data = {}
self.global_data = None
# continuous manifest file that have the same marker can be
# installed in parallel, if on different servers
@ -61,15 +60,12 @@ class ManifestFiles(object):
Write out the manifest data to disk, this should only be called once
write before the puppet manifests are copied to the various servers
"""
if not self.global_data:
with open(os.path.join(PUPPET_TEMPLATE_DIR, "global.pp")) as gfp:
self.global_data = gfp.read() % controller.CONF
os.mkdir(basedefs.PUPPET_MANIFEST_DIR, 0o700)
for fname, data in self.data.items():
path = os.path.join(basedefs.PUPPET_MANIFEST_DIR, fname)
fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
with os.fdopen(fd, 'w') as fp:
fp.write(self.global_data + data)
fp.write(data)
manifestfiles = ManifestFiles()
@ -84,10 +80,6 @@ def appendManifestFile(manifest_name, data, marker=''):
manifestfiles.addFile(manifest_name, marker, data)
def prependManifestFile(manifest_name, data, marker=''):
manifestfiles.prependFile(manifest_name, marker, data)
def generateHieraDataFile():
os.mkdir(basedefs.HIERADATA_DIR, 0o700)
with open(HIERA_COMMON_YAML, 'w') as outfile:
@ -97,11 +89,6 @@ def generateHieraDataFile():
os.symlink(os.path.basename(HIERA_COMMON_YAML), HIERA_DEFAULTS_YAML)
def createFirewallResources(hiera_key, default_value='{}'):
hiera_function = "hiera('%s', %s)" % (hiera_key, default_value)
return "create_resources(packstack::firewall, %s)\n\n" % hiera_function
def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file):
"""
Wrapper on top of openssl

5
packstack/modules/shortcuts.py
View File

@ -1,5 +0,0 @@
# -*- coding: utf-8 -*-
def get_mq(config, plugin):
return plugin + "_%s.pp" % config.get('CONFIG_AMQP_BACKEND')

11
packstack/plugins/amqp_002.py
View File

@ -23,9 +23,6 @@ from packstack.installer import utils
from packstack.modules.common import filtered_hosts
from packstack.modules.documentation import update_params_usage
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------- AMQP Packstack Plugin Initialization --------------
@ -155,7 +152,7 @@ def initConfig(controller):
def initSequences(controller):
amqpsteps = [
{'title': 'Adding AMQP manifest entries',
{'title': 'Preparing AMQP entries',
'functions': [create_manifest]}
]
controller.addSequence("Installing AMQP", [], [], amqpsteps)
@ -188,9 +185,6 @@ def create_manifest(config, messages):
config['CONFIG_AMQP_AUTH_PASSWORD'] = 'guest'
config['CONFIG_AMQP_AUTH_USER'] = 'guest'
manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
manifestdata = getManifestTemplate('amqp')
if config['CONFIG_IP_VERSION'] == 'ipv6':
config['CONFIG_AMQP_HOST_URL'] = "[%s]" % config['CONFIG_AMQP_HOST']
else:
@ -207,6 +201,3 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['5671', '5672']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_AMQP_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')

23
packstack/plugins/aodh_810.py
View File

@ -22,10 +22,6 @@ from packstack.installer import validators
from packstack.installer import processors
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------- Aodh Packstack Plugin Initialization --------------
@ -76,10 +72,8 @@ def initSequences(controller):
controller.CONF['CONFIG_CEILOMETER_INSTALL'] != 'y'):
return
steps = [{'title': 'Adding Aodh manifest entries',
'functions': [create_manifest]},
{'title': 'Adding Aodh Keystone manifest entries',
'functions': [create_keystone_manifest]}]
steps = [{'title': 'Preparing Aodh entries',
'functions': [create_manifest]}]
controller.addSequence("Installing OpenStack Aodh", [], [],
steps)
@ -87,11 +81,6 @@ def initSequences(controller):
# -------------------------- step functions --------------------------
def create_manifest(config, messages):
manifestfile = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "aodh"))
manifestdata += getManifestTemplate("aodh")
manifestdata += getManifestTemplate("apache_ports")
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_AODH_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_aodh.crt'
@ -113,11 +102,3 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['8042']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_AODH_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_AODH_RULES')
appendManifestFile(manifestfile, manifestdata, 'aodh')
def create_keystone_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_aodh")
appendManifestFile(manifestfile, manifestdata)

47
packstack/plugins/apache_060.py
View File

@ -1,47 +0,0 @@
# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Installs and configures Apache for all services using it
"""
from packstack.installer import utils
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import getManifestTemplate
# ------------- Aodh Packstack Plugin Initialization --------------
PLUGIN_NAME = "OS-Apache"
PLUGIN_NAME_COLORED = utils.color_text(PLUGIN_NAME, 'blue')
def initConfig(controller):
# No config needed
return
def initSequences(controller):
steps = [{'title': 'Adding Apache manifest entries',
'functions': [create_manifest]}]
controller.addSequence("Setting up Apache", [], [],
steps)
# ------------------------- step functions -------------------------
def create_manifest(config, messages):
manifestfile = "%s_apache.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("apache")
appendManifestFile(manifestfile, manifestdata, 'apache')

203
packstack/plugins/ceilometer_800.py
View File

@ -22,13 +22,8 @@ from packstack.installer import basedefs
from packstack.installer import utils
from packstack.installer import validators
from packstack.installer import processors
from packstack.installer.utils import split_hosts
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------- Ceilometer Packstack Plugin Initialization --------------
@ -114,18 +109,18 @@ def initConfig(controller):
"CONDITION": False},
],
"REDIS": [
{"CMD_OPTION": "redis-master-host",
"PROMPT": "Enter the host for the Redis master server",
{"CMD_OPTION": "redis-host",
"PROMPT": "Enter the host for the Redis server",
"OPTION_LIST": [],
"VALIDATORS": [validators.validate_ssh],
"DEFAULT_VALUE": utils.get_localhost_ip(),
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_REDIS_MASTER_HOST",
"CONF_NAME": "CONFIG_REDIS_HOST",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False,
"DEPRECATES": ["CONFIG_REDIS_HOST"]},
"DEPRECATES": ["CONFIG_REDIS_MASTER_HOST"]},
{"CMD_OPTION": "redis-port",
"PROMPT": "Enter the port of the redis server(s)",
"OPTION_LIST": [],
@ -137,87 +132,6 @@ def initConfig(controller):
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "redis-ha",
"PROMPT": "Should redis try to use HA?",
"OPTION_LIST": ["y", "n"],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": "n",
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_REDIS_HA",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "redis-slaves",
"PROMPT": "Enter the host for the redis slave servers",
"OPTION_LIST": [],
"VALIDATORS": [validators.validate_multi_ssh],
"DEFAULT_VALUE": "",
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_REDIS_SLAVE_HOSTS",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "redis-sentinels",
"PROMPT": "Enter the host for the redis sentinel servers",
"OPTION_LIST": [],
"VALIDATORS": [validators.validate_multi_ssh],
"DEFAULT_VALUE": "",
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_REDIS_SENTINEL_HOSTS",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "redis-sentinel-contact",
"PROMPT":
"Enter the IP address of the coordination redis sentinel",
"OPTION_LIST": [],
"VALIDATORS": [validators.validate_ssh],
"DEFAULT_VALUE": "",
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_REDIS_SENTINEL_CONTACT_HOST",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "redis-sentinel-port",
"PROMPT": ("Enter the port on which the redis sentinel servers"
" listen"),
"OPTION_LIST": [],
"VALIDATORS": [validators.validate_port],
"DEFAULT_VALUE": 26379,
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_REDIS_SENTINEL_PORT",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "redis-sentinel-quorum",
"PROMPT": (
"Enter the quorum value for the redis sentinel servers"),
"OPTION_LIST": [],
"VALIDATORS": [validators.validate_integer],
"DEFAULT_VALUE": 2,
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_REDIS_SENTINEL_QUORUM",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "redis-sentinel-master-name",
"PROMPT": (
"Enter the logical name of the master server"),
"OPTION_LIST": [r'[a-z]+'],
"VALIDATORS": [validators.validate_regexp],
"DEFAULT_VALUE": 'mymaster',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_REDIS_MASTER_NAME",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
],
}
update_params_usage(basedefs.PACKSTACK_DOC, ceilometer_params)
@ -253,14 +167,12 @@ def initSequences(controller):
if controller.CONF['CONFIG_CEILOMETER_INSTALL'] != 'y':
return
steps = [{'title': 'Adding MongoDB manifest entries',
steps = [{'title': 'Preparing MongoDB entries',
'functions': [create_mongodb_manifest]},
{'title': 'Adding Redis manifest entries',
{'title': 'Preparing Redis entries',
'functions': [create_redis_manifest]},
{'title': 'Adding Ceilometer manifest entries',
'functions': [create_manifest]},
{'title': 'Adding Ceilometer Keystone manifest entries',
'functions': [create_keystone_manifest]}]
{'title': 'Preparing Ceilometer entries',
'functions': [create_manifest]}]
controller.addSequence("Installing OpenStack Ceilometer", [], [],
steps)
@ -268,38 +180,6 @@ def initSequences(controller):
# -------------------------- step functions --------------------------
def create_manifest(config, messages):
manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
manifestdata += getManifestTemplate("ceilometer")
if config['CONFIG_CEILOMETER_SERVICE_NAME'] == 'httpd':
manifestdata += getManifestTemplate("apache_ports")
if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
# Determine if we need to configure multiple sentinel hosts as
# fallbacks for use in coordination url.
sentinel_hosts = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT']
sentinel_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
if config['CONFIG_IP_VERSION'] == 'ipv6':
config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = "[%s]" % (
sentinel_host)
else:
config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = sentinel_host
sentinel_contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
if len(sentinel_hosts) > 1:
sentinel_format = 'sentinel_fallback=%s:%s'
if config['CONFIG_IP_VERSION'] == 'ipv6':
sentinel_format = 'sentinel_fallback=[%s]:%s'
sentinel_fallbacks = '&'.join([sentinel_format %
(host, sentinel_port)
for host in sentinel_hosts
if host != sentinel_contact])
else:
sentinel_fallbacks = ''
config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = sentinel_fallbacks
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
@ -321,13 +201,6 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['8777']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CEILOMETER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')
# Add a template that creates a group for nova because the ceilometer
# class needs it
if config['CONFIG_NOVA_INSTALL'] == 'n':
manifestdata += getManifestTemplate("ceilometer_nova_disabled")
appendManifestFile(manifestfile, manifestdata, 'ceilometer')
def create_mongodb_manifest(config, messages):
@ -336,8 +209,6 @@ def create_mongodb_manifest(config, messages):
config['CONFIG_MONGODB_HOST_URL'] = "[%s]" % host
else:
config['CONFIG_MONGODB_HOST_URL'] = host
manifestfile = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST']
manifestdata = getManifestTemplate("mongodb")
fw_details = dict()
key = "mongodb_server"
@ -349,70 +220,20 @@ def create_mongodb_manifest(config, messages):
fw_details[key]['proto'] = "tcp"
config['FIREWALL_MONGODB_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_MONGODB_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
def create_redis_manifest(config, messages):
if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
redis_master_host = config['CONFIG_REDIS_MASTER_HOST']
redis_host = config['CONFIG_REDIS_HOST']
if config['CONFIG_IP_VERSION'] == 'ipv6':
config['CONFIG_REDIS_MASTER_HOST_URL'] = "[%s]" % redis_master_host
config['CONFIG_REDIS_HOST_URL'] = "[%s]" % redis_host
else:
config['CONFIG_REDIS_MASTER_HOST_URL'] = redis_master_host
config['CONFIG_REDIS_HOST_URL'] = redis_host
# master
manifestfile = "%s_redis.pp" % config['CONFIG_REDIS_MASTER_HOST']
manifestdata = getManifestTemplate("redis.pp")
master_clients = set([config['CONFIG_CONTROLLER_HOST']]).union(
split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS'])).union(
split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']))
master_clients = set([config['CONFIG_CONTROLLER_HOST']])
config['FIREWALL_REDIS_RULES'] = _create_redis_firewall_rules(
master_clients, config['CONFIG_REDIS_PORT'])
manifestdata += createFirewallResources('FIREWALL_REDIS_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
# slaves
if config['CONFIG_REDIS_HA'] == 'y':
for slave in split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']):
config['CONFIG_REDIS_HOST'] = slave
manifestfile = "%s_redis_slave.pp" % slave
manifestdata = getManifestTemplate("redis_slave.pp")
slave_clients = set([config['CONFIG_CONTROLLER_HOST']]).union(
split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS'])).union(
split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']))
config['FIREWALL_REDIS_SLAVE_RULES'] = (
_create_redis_firewall_rules(
slave_clients, config['CONFIG_REDIS_PORT']))
manifestdata += createFirewallResources(
'FIREWALL_REDIS_SLAVE_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
# sentinels
if config['CONFIG_REDIS_HA'] == 'y':
for sentinel in split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']):
manifestfile = "%s_redis_sentinel.pp" % sentinel
manifestdata = getManifestTemplate("redis_sentinel.pp")
config['FIREWALL_SENTINEL_RULES'] = (
_create_redis_firewall_rules(
split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']),
config['CONFIG_REDIS_SENTINEL_PORT']))
manifestdata += createFirewallResources(
'FIREWALL_SENTINEL_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
def create_keystone_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_ceilometer")
appendManifestFile(manifestfile, manifestdata)
# ------------------------- helper functions -------------------------

33
packstack/plugins/cinder_250.py
View File

@ -27,10 +27,6 @@ from packstack.installer.utils import split_hosts
from packstack.installer import utils
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------------ Cinder Packstack Plugin initialization ------------------
@ -601,10 +597,7 @@ def initSequences(controller):
if key in config:
config[key] = [i.strip() for i in config[key].split(',') if i]
cinder_steps = [
{'title': 'Adding Cinder Keystone manifest entries',
'functions': [create_keystone_manifest]}
]
cinder_steps = []
if 'lvm' in config['CONFIG_CINDER_BACKEND']:
cinder_steps.append(
@ -612,7 +605,7 @@ def initSequences(controller):
'functions': [check_cinder_vg]})
cinder_steps.append(
{'title': 'Adding Cinder manifest entries',
{'title': 'Preparing Cinder entries',
'functions': [create_manifest]}
)
controller.addSequence("Installing OpenStack Cinder", [], [], cinder_steps)
@ -719,12 +712,6 @@ def check_cinder_vg(config, messages):
config['CONFIG_CINDER_VOLUMES_SIZE'] = '%sM' % cinders_volume_size
def create_keystone_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_cinder")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_STORAGE_HOST']
@ -738,18 +725,6 @@ def create_manifest(config, messages):
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("cinder")
for backend in config['CONFIG_CINDER_BACKEND']:
manifestdata += getManifestTemplate('cinder_%s' % backend)
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup')
fw_details = dict()
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
@ -768,7 +743,6 @@ def create_manifest(config, messages):
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_RULES')
# cinder API should be open for everyone
fw_details = dict()
@ -780,6 +754,3 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['8776']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_API_RULES')
appendManifestFile(manifestfile, manifestdata)

9
packstack/plugins/dashboard_500.py
View File

@ -25,8 +25,6 @@ from packstack.installer import utils
from packstack.installer import validators
from packstack.modules.documentation import update_params_usage
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
from packstack.modules.ospluginutils import deliver_ssl_file
@ -131,7 +129,7 @@ def initSequences(controller):
return
steps = [
{'title': 'Adding Horizon manifest entries',
{'title': 'Preparing Horizon entries',
'functions': [create_manifest]}
]
controller.addSequence("Installing OpenStack Horizon", [], [], steps)
@ -141,7 +139,6 @@ def initSequences(controller):
def create_manifest(config, messages):
horizon_host = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_horizon.pp" % horizon_host
proto = "http"
config["CONFIG_HORIZON_PORT"] = 80
@ -207,10 +204,6 @@ def create_manifest(config, messages):
if config["CONFIG_NEUTRON_VPNAAS"] == 'y':
config["CONFIG_HORIZON_NEUTRON_VPN"] = True
manifestdata = getManifestTemplate("horizon")
manifestdata += getManifestTemplate("apache_ports")
appendManifestFile(manifestfile, manifestdata)
msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n"
"Please, find your login credentials stored in the keystonerc_admin"
" in your home directory."

27
packstack/plugins/glance_200.py
View File

@ -22,10 +22,6 @@ from packstack.installer import processors
from packstack.installer import utils
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------- Glance Packstack Plugin Initialization --------------
@ -94,9 +90,7 @@ def initSequences(controller):
return
glancesteps = [
{'title': 'Adding Glance Keystone manifest entries',
'functions': [create_keystone_manifest]},
{'title': 'Adding Glance manifest entries',
{'title': 'Preparing Glance entries',
'functions': [create_manifest]}
]
controller.addSequence("Installing OpenStack Glance", [], [], glancesteps)
@ -112,12 +106,6 @@ def process_backend(value, param_name, config):
# -------------------------- step functions --------------------------
def create_keystone_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_glance")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_STORAGE_HOST']
@ -131,12 +119,6 @@ def create_manifest(config, messages):
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("glance")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
fw_details = dict()
key = "glance_api"
fw_details.setdefault(key, {})
@ -146,10 +128,3 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['9292']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_GLANCE_RULES'] = fw_details
# Set the backend
manifestdata += getManifestTemplate(
'glance_%s.pp' % config['CONFIG_GLANCE_BACKEND'])
manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
appendManifestFile(manifestfile, manifestdata)

21
packstack/plugins/gnocchi_790.py
View File

@ -22,9 +22,6 @@ from packstack.installer import validators
from packstack.installer import processors
from packstack.modules.documentation import update_params_usage
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
# ------------- Gnocchi Packstack Plugin Initialization --------------
@ -86,10 +83,8 @@ def initSequences(controller):
controller.CONF['CONFIG_CEILOMETER_INSTALL'] != 'y'):
return
steps = [{'title': 'Adding Gnocchi manifest entries',
'functions': [create_manifest]},
{'title': 'Adding Gnocchi Keystone manifest entries',
'functions': [create_keystone_manifest]}]
steps = [{'title': 'Preparing Gnocchi entries',
'functions': [create_manifest]}]
controller.addSequence("Installing OpenStack Gnocchi", [], [],
steps)
@ -97,10 +92,6 @@ def initSequences(controller):
# -------------------------- step functions --------------------------
def create_manifest(config, messages):
manifestfile = "%s_gnocchi.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("gnocchi")
manifestdata += getManifestTemplate("apache_ports")
fw_details = dict()
key = "gnocchi_api"
fw_details.setdefault(key, {})
@ -110,11 +101,3 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['8041']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_GNOCCHI_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_GNOCCHI_RULES')
appendManifestFile(manifestfile, manifestdata, 'gnocchi')
def create_keystone_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_gnocchi")
appendManifestFile(manifestfile, manifestdata)

32
packstack/plugins/heat_650.py
View File

@ -24,10 +24,6 @@ from packstack.installer import validators
from packstack.installer import processors
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------- Heat Packstack Plugin Initialization --------------
@ -155,17 +151,17 @@ def initSequences(controller):
if config['CONFIG_HEAT_INSTALL'] != 'y':
return
steps = [
{'title': 'Adding Heat manifest entries',
{'title': 'Preparing Heat entries',
'functions': [create_manifest]},
]
if config.get('CONFIG_HEAT_CLOUDWATCH_INSTALL', 'n') == 'y':
steps.append(
{'title': 'Adding Heat CloudWatch API manifest entries',
{'title': 'Preparing Heat CloudWatch API entries',
'functions': [create_cloudwatch_manifest]})
if config.get('CONFIG_HEAT_CFN_INSTALL', 'n') == 'y':
steps.append(
{'title': 'Adding Heat CloudFormation API manifest entries',
{'title': 'Preparing Heat CloudFormation API entries',
'functions': [create_cfn_manifest]})
controller.addSequence("Installing Heat", [], [], steps)
@ -185,11 +181,6 @@ def create_manifest(config, messages):
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat")
manifestdata += getManifestTemplate("keystone_heat")
fw_details = dict()
key = "heat"
fw_details.setdefault(key, {})
@ -200,15 +191,8 @@ def create_manifest(config, messages):
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')
def create_cloudwatch_manifest(config, messages):
manifestfile = "%s_heatcw.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cloudwatch")
fw_details = dict()
key = "heat_api_cloudwatch"
fw_details.setdefault(key, {})
@ -219,15 +203,8 @@ def create_cloudwatch_manifest(config, messages):
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_CLOUDWATCH_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_CLOUDWATCH_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')
def create_cfn_manifest(config, messages):
manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cfn")
fw_details = dict()
key = "heat_cfn"
fw_details.setdefault(key, {})
@ -237,6 +214,3 @@ def create_cfn_manifest(config, messages):
fw_details[key]['ports'] = ['8000']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_CFN_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_CFN_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')

24
packstack/plugins/ironic_275.py
View File

@ -22,10 +22,6 @@ from packstack.installer import validators
from packstack.installer import processors
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------------ Ironic Packstack Plugin initialization ------------------
@ -78,9 +74,7 @@ def initSequences(controller):
return
steps = [
{'title': 'Adding Ironic Keystone manifest entries',
'functions': [create_keystone_manifest]},
{'title': 'Adding Ironic manifest entries',
{'title': 'Preparing Ironic entries',
'functions': [create_manifest]},
]
@ -103,10 +97,6 @@ def create_manifest(config, messages):
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ironic"))
manifestdata += getManifestTemplate("ironic.pp")
fw_details = dict()
key = "ironic-api"
fw_details.setdefault(key, {})
@ -116,15 +106,3 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['6385']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_IRONIC_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_IRONIC_API_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
def create_keystone_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_IRONIC_HOST'] = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_ironic.pp")
appendManifestFile(manifestfile, manifestdata)

12
packstack/plugins/keystone_100.py
View File

@ -24,9 +24,6 @@ from packstack.installer import processors
from packstack.installer import utils
from packstack.modules.documentation import update_params_usage
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
# ------------- Keystone Packstack Plugin Initialization --------------
@ -718,7 +715,7 @@ def initSequences(controller):
{'title':
'Fixing Keystone LDAP config parameters to be undef if empty',
'functions': [munge_ldap_config_params]},
{'title': 'Adding Keystone manifest entries',
{'title': 'Preparing Keystone entries',
'functions': [create_manifest]},
]
controller.addSequence("Installing OpenStack Keystone", [], [],
@ -766,10 +763,6 @@ def munge_ldap_config_params(config, messages):
def create_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone")
manifestdata += getManifestTemplate("apache_ports")
if config['CONFIG_IP_VERSION'] == 'ipv6':
host = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_KEYSTONE_HOST_URL'] = "[%s]" % host
@ -796,6 +789,3 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['5000', '35357']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_KEYSTONE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_KEYSTONE_RULES')
appendManifestFile(manifestfile, manifestdata)

29
packstack/plugins/manila_355.py
View File

@ -22,10 +22,6 @@ from packstack.installer import validators
from packstack.installer import utils
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------- Manila Packstack Plugin Initialization --------------
@ -554,9 +550,7 @@ def initSequences(controller):
)
manila_steps = [
{'title': 'Adding Manila Keystone manifest entries',
'functions': [create_keystone_manifest]},
{'title': 'Adding Manila manifest entries',
{'title': 'Preparing Manila entries',
'functions': [create_manifest]}
]
@ -604,15 +598,6 @@ def check_glusternfs_options(config):
# -------------------------- step functions --------------------------
def create_keystone_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_manila.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
@ -639,15 +624,6 @@ def create_manifest(config, messages):
elif config[key].lower() == "false":
config[key] = False
manifestdata = getManifestTemplate(get_mq(config, "manila"))
manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("manila.pp")
manifestdata += getManifestTemplate("manila_network.pp")
backends = config['CONFIG_MANILA_BACKEND']
for backend in backends:
manifestdata += getManifestTemplate('manila_%s.pp' % backend)
# manila API should be open for everyone
fw_details = dict()
key = "manila_api"
@ -658,6 +634,3 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['8786']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_MANILA_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES')
appendManifestFile(manifestfile, manifestdata, marker='manila')

34
packstack/plugins/mariadb_003.py
View File

@ -23,9 +23,6 @@ from packstack.installer import utils
from packstack.modules.common import filtered_hosts
from packstack.modules.documentation import update_params_usage
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
# ------------- MariaDB Packstack Plugin Initialization --------------
@ -89,7 +86,7 @@ def initConfig(controller):
def initSequences(controller):
mariadbsteps = [
{'title': 'Adding MariaDB manifest entries',
{'title': 'Preparing MariaDB entries',
'functions': [create_manifest]}
]
controller.addSequence("Installing MariaDB", [], [], mariadbsteps)
@ -99,10 +96,8 @@ def initSequences(controller):
def create_manifest(config, messages):
if config['CONFIG_MARIADB_INSTALL'] == 'y':
suffix = 'install'
host = config['CONFIG_MARIADB_HOST']
else:
suffix = 'noinstall'
host = config['CONFIG_CONTROLLER_HOST']
if config['CONFIG_IP_VERSION'] == 'ipv6':
@ -110,30 +105,8 @@ def create_manifest(config, messages):
else:
config['CONFIG_MARIADB_HOST_URL'] = host
manifestfile = "%s_mariadb.pp" % host
manifestdata = [getManifestTemplate('mariadb_%s' % suffix)]
def append_for(module, suffix):
# Modules have to be appended to the existing mysql.pp
# otherwise pp will fail for some of them saying that
# Mysql::Config definition is missing.
template = "mariadb_%s_%s" % (module, suffix)
manifestdata.append(getManifestTemplate(template))
append_for("keystone", suffix)
for mod in ['nova', 'cinder', 'glance', 'neutron', 'heat', 'sahara',
'trove', 'ironic', 'manila']:
if config['CONFIG_%s_INSTALL' % mod.upper()] == 'y':
append_for(mod, suffix)
if (config['CONFIG_GNOCCHI_INSTALL'] == 'y' and
config['CONFIG_CEILOMETER_INSTALL'] == 'y'):
append_for('gnocchi', suffix)
hosts = filtered_hosts(config, exclude=False, dbhost=True)
fw_details = dict()
for host in hosts:
for host in filtered_hosts(config, exclude=False, dbhost=True):
key = "mariadb_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % host
@ -142,6 +115,3 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['3306']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_MARIADB_RULES'] = fw_details
manifestdata.append(createFirewallResources('FIREWALL_MARIADB_RULES'))
appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')

17
packstack/plugins/nagios_910.py
View File

@ -23,9 +23,6 @@ from packstack.installer import utils
from packstack.modules.documentation import update_params_usage
from packstack.modules.common import filtered_hosts
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
# ------------- Nagios Packstack Plugin Initialization --------------
@ -63,9 +60,9 @@ def initSequences(controller):
return
nagiossteps = [
{'title': 'Adding Nagios server manifest entries',
{'title': 'Preparing Nagios server entries',
'functions': [create_manifest]},
{'title': 'Adding Nagios host manifest entries',
{'title': 'Preparing Nagios host entries',
'functions': [create_nrpe_manifests]}
]
controller.addSequence("Installing Nagios", [], [], nagiossteps)
@ -92,17 +89,10 @@ def create_manifest(config, messages):
config['CONFIG_NAGIOS_SERVICES'] = openstack_services
manifestfile = "%s_nagios.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nagios_server")
manifestdata += getManifestTemplate("apache_ports")
appendManifestFile(manifestfile, manifestdata)
def create_nrpe_manifests(config, messages):
for hostname in filtered_hosts(config):
config['CONFIG_NRPE_HOST'] = hostname
manifestfile = "%s_nagios_nrpe.pp" % hostname
manifestdata = getManifestTemplate("nagios_nrpe")
# Only the Nagios host is allowed to talk to nrpe
fw_details = dict()
@ -115,9 +105,6 @@ def create_nrpe_manifests(config, messages):
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NAGIOS_NRPE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_NAGIOS_NRPE_RULES')
appendManifestFile(manifestfile, manifestdata)
messages.append("To use Nagios, browse to "
"http://%(CONFIG_CONTROLLER_HOST)s/nagios "
"username: nagiosadmin, password: %(CONFIG_NAGIOS_PW)s"

168
packstack/plugins/neutron_350.py
View File

@ -25,10 +25,6 @@ from packstack.installer.utils import split_hosts
from packstack.modules import common
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------- Neutron Packstack Plugin Initialization --------------
@ -504,28 +500,18 @@ def initSequences(controller):
config['CONFIG_NEUTRON_ML2_SRIOV_AGENT_REQUIRED'] = False
neutron_steps = [
{'title': 'Adding Neutron VPNaaS Agent manifest entries',
'functions': [create_vpnaas_manifests]},
{'title': 'Adding Neutron FWaaS Agent manifest entries',
'functions': [create_fwaas_manifests]},
{'title': 'Adding Neutron LBaaS Agent manifest entries',
{'title': 'Preparing Neutron LBaaS Agent entries',
'functions': [create_lbaas_manifests]},
{'title': 'Adding Neutron API manifest entries',
{'title': 'Preparing Neutron API entries',
'functions': [create_manifests]},
{'title': 'Adding Neutron Keystone manifest entries',
'functions': [create_keystone_manifest]},
{'title': 'Adding Neutron L3 manifest entries',
{'title': 'Preparing Neutron L3 entries',
'functions': [create_l3_manifests]},
{'title': 'Adding Neutron L2 Agent manifest entries',
{'title': 'Preparing Neutron L2 Agent entries',
'functions': [create_l2_agent_manifests]},
{'title': 'Adding Neutron DHCP Agent manifest entries',
{'title': 'Preparing Neutron DHCP Agent entries',
'functions': [create_dhcp_manifests]},
{'title': 'Adding Neutron Metering Agent manifest entries',
{'title': 'Preparing Neutron Metering Agent entries',
'functions': [create_metering_agent_manifests]},
{'title': 'Adding Neutron Metadata Agent manifest entries',
'functions': [create_metadata_manifests]},
{'title': 'Adding Neutron SR-IOV Switch Agent manifest entries',
'functions': [create_sriovnicswitch_manifests]},
{'title': 'Checking if NetworkManager is enabled and running',
'functions': [check_nm_status]},
]
@ -590,9 +576,8 @@ def get_values(val):
return [x.strip() for x in val.split(',')] if val else []
def tunnel_fw_details(config, host, src):
def tunnel_fw_details(config, host, src, fw_details):
key = "neutron_tunnel_%s_%s" % (host, src)
fw_details = dict()
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % src
fw_details[key]['service_name'] = "neutron tunnel port"
@ -604,7 +589,6 @@ def tunnel_fw_details(config, host, src):
fw_details[key]['proto'] = 'gre'
tun_port = None
fw_details[key]['ports'] = tun_port
return fw_details
# -------------------------- step functions --------------------------
@ -661,22 +645,7 @@ def create_manifests(config, messages):
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron")
manifest_data += getManifestTemplate(get_mq(config, "neutron"))
appendManifestFile(manifest_file, manifest_data, 'neutron')
if host in api_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron_api")
if config['CONFIG_NOVA_INSTALL'] == 'y':
template_name = "neutron_notifications"
manifest_data += getManifestTemplate(template_name)
# Set up any l2 plugin configs we need only on neutron api nodes
# XXX I am not completely sure about this, but it seems necessary:
manifest_data += getManifestTemplate(plugin_manifest)
# Firewall
fw_details = dict()
key = "neutron_server_%s" % host
@ -688,33 +657,24 @@ def create_manifests(config, messages):
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_SERVER_RULES'
)
appendManifestFile(manifest_file, manifest_data, 'neutron')
# We also need to open VXLAN/GRE port for agent
manifest_data = ""
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
if config['CONFIG_IP_VERSION'] == 'ipv6':
msg = output_messages.WARN_IPV6_OVS
messages.append(utils.color_text(msg % host, 'red'))
fw_details = dict()
if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
tunnel_subnets = map(
str.strip,
config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(',')
)
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host)
for subnet in tunnel_subnets:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
% (host, subnet))
config[cf_fw_nt_key] = tunnel_fw_details(config,
host, subnet)
manifest_data += createFirewallResources(cf_fw_nt_key)
tunnel_fw_details(config, host, subnet, fw_details)
config[cf_fw_nt_key] = fw_details
else:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host)
for n_host in network_hosts | compute_hosts:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
% (host, n_host))
if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
if config['CONFIG_USE_SUBNETS'] == 'y':
iface = common.cidr_to_ifname(
@ -731,17 +691,8 @@ def create_manifests(config, messages):
(iface, n_host))
else:
src_host = n_host
config[cf_fw_nt_key] = tunnel_fw_details(config,
host, src_host)
manifest_data += createFirewallResources(cf_fw_nt_key)
appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_keystone_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_neutron")
appendManifestFile(manifestfile, manifestdata)
tunnel_fw_details(config, host, src_host, fw_details)
config[cf_fw_nt_key] = fw_details
def create_l3_manifests(config, messages):
@ -753,9 +704,6 @@ def create_l3_manifests(config, messages):
for host in network_hosts:
config['CONFIG_NEUTRON_L3_HOST'] = host
config['CONFIG_NEUTRON_L3_INTERFACE_DRIVER'] = get_if_driver(config)
manifestdata = getManifestTemplate("neutron_l3")
manifestfile = "%s_neutron.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + '\n')
if config['CONFIG_NEUTRON_L2_AGENT'] == 'openvswitch':
ext_bridge = config['CONFIG_NEUTRON_L3_EXT_BRIDGE']
@ -764,8 +712,9 @@ def create_l3_manifests(config, messages):
ext_bridge) if ext_bridge else None
if (ext_bridge and not mapping):
config['CONFIG_NEUTRON_OVS_BRIDGE'] = ext_bridge
manifestdata = getManifestTemplate('neutron_ovs_bridge')
appendManifestFile(manifestfile, manifestdata + '\n')
config['CONFIG_NEUTRON_OVS_BRIDGE_CREATE'] = 'y'
else:
config['CONFIG_NEUTRON_OVS_BRIDGE_CREATE'] = 'n'
def create_dhcp_manifests(config, messages):
@ -774,11 +723,7 @@ def create_dhcp_manifests(config, messages):
for host in network_hosts:
config["CONFIG_NEUTRON_DHCP_HOST"] = host
config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config)
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
manifest_data = getManifestTemplate("neutron_dhcp_mtu")
else:
manifest_data = getManifestTemplate("neutron_dhcp")
manifest_file = "%s_neutron.pp" % (host,)
# Firewall Rules for dhcp in
fw_details = dict()
key = "neutron_dhcp_in_%s" % host
@ -789,9 +734,6 @@ def create_dhcp_manifests(config, messages):
fw_details[key]['ports'] = ['67']
fw_details[key]['proto'] = "udp"
config['FIREWALL_NEUTRON_DHCPIN_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_DHCPIN_RULES'
)
# Firewall Rules for dhcp out
fw_details = dict()
@ -803,35 +745,6 @@ def create_dhcp_manifests(config, messages):
fw_details[key]['ports'] = ['68']
fw_details[key]['proto'] = "udp"
config['FIREWALL_NEUTRON_DHCPOUT_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_DHCPOUT_RULES'
)
appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_fwaas_manifests(config, messages):
global network_hosts
if not config['CONFIG_NEUTRON_FWAAS'] == 'y':
return
for host in network_hosts:
manifestdata = getManifestTemplate("neutron_fwaas")
manifestfile = "%s_neutron.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + "\n")
def create_vpnaas_manifests(config, messages):
global network_hosts
if config['CONFIG_NEUTRON_VPNAAS'] != 'y':
return
for host in network_hosts:
manifestdata = getManifestTemplate("neutron_vpnaas")
manifestfile = "%s_neutron.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + "\n")
def create_lbaas_manifests(config, messages):
@ -842,9 +755,6 @@ def create_lbaas_manifests(config, messages):
for host in network_hosts:
config['CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'] = get_if_driver(config)
manifestdata = getManifestTemplate("neutron_lbaas")
manifestfile = "%s_neutron.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + "\n")
def create_metering_agent_manifests(config, messages):
@ -855,9 +765,6 @@ def create_metering_agent_manifests(config, messages):
for host in network_hosts:
config['CONFIG_NEUTRON_METERING_IFCE_DRIVER'] = get_if_driver(config)
manifestdata = getManifestTemplate("neutron_metering_agent")
manifestfile = "%s_neutron.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + "\n")
def create_l2_agent_manifests(config, messages):
@ -881,7 +788,6 @@ def create_l2_agent_manifests(config, messages):
config["CONFIG_NEUTRON_OVS_TUNNELING"] = tunnel
tunnel_types = set(ovs_type) & set(['gre', 'vxlan'])
config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types)
template_name = "neutron_ovs_agent"
bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"])
iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"])
@ -910,7 +816,6 @@ def create_l2_agent_manifests(config, messages):
elif agent == "linuxbridge":
host_var = 'CONFIG_NEUTRON_LB_HOST'
template_name = 'neutron_lb_agent'
else:
raise KeyError("Unknown layer2 agent")
@ -918,8 +823,6 @@ def create_l2_agent_manifests(config, messages):
no_tunnel_types = set(ovs_type) & set(['vlan', 'flat'])
for host in network_hosts | compute_hosts:
manifestfile = "%s_neutron.pp" % (host,)
manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host
# NICs connected to OVS bridges can be required in network nodes if
# vlan, flat, vxlan or gre are enabled. For compute nodes, they are
# only required if vlan or flat are enabled.
@ -937,40 +840,9 @@ def create_l2_agent_manifests(config, messages):
]
config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = iface_arr
config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = if_arr_cmp
manifestdata += "$create_bridges = true\n"
config['CREATE_BRIDGES'] = 'y'
else:
manifestdata += "$create_bridges = false\n"
is_network_host = str(host in network_hosts).lower()
manifestdata += "$network_host = %s\n" % is_network_host
manifestdata += getManifestTemplate(template_name)
appendManifestFile(manifestfile, manifestdata + "\n")
# Additional configurations required for compute hosts and
# network hosts.
manifestdata = getManifestTemplate('neutron_bridge_module')
appendManifestFile(manifestfile, manifestdata + '\n')
def create_sriovnicswitch_manifests(config, messages):
global compute_hosts
if not use_ml2_with_sriovnicswitch(config):
return
for host in compute_hosts:
manifestdata = getManifestTemplate("neutron_sriov")
manifestfile = "%s_neutron.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + "\n")
def create_metadata_manifests(config, messages):
global network_hosts
if config.get('CONFIG_NOVA_INSTALL') == 'n':
return
for host in network_hosts:
config['CONFIG_NEUTRON_METADATA_HOST'] = host
manifestdata = getManifestTemplate('neutron_metadata')
manifestfile = "%s_neutron.pp" % (host,)
appendManifestFile(manifestfile, manifestdata + "\n")
config['CREATE_BRIDGES'] = 'n'
def check_nm_status(config, messages):

176
packstack/plugins/nova_300.py
View File

@ -27,15 +27,10 @@ from packstack.installer import utils
from packstack.installer import validators
from packstack.modules import common
from packstack.modules.common import filtered_hosts
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import prependManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import deliver_ssl_file
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
from packstack.modules.ospluginutils import manifestfiles
# ------------- Nova Packstack Plugin Initialization --------------
@ -392,35 +387,29 @@ def initSequences(controller):
return
if controller.CONF['CONFIG_NEUTRON_INSTALL'] == 'y':
network_title = ('Adding OpenStack Network-related '
'Nova manifest entries')
network_title = ('Preparing OpenStack Network-related '
'Nova entries')
network_function = create_neutron_manifest
else:
network_title = 'Adding Nova Network manifest entries'
network_title = 'Preparing Nova Network entries'
network_function = create_network_manifest
novaapisteps = [
{'title': 'Adding Nova API manifest entries',
{'title': 'Preparing Nova API entries',
'functions': [create_api_manifest]},
{'title': 'Adding Nova Keystone manifest entries',
'functions': [create_keystone_manifest]},
{'title': 'Adding Nova Cert manifest entries',
'functions': [create_cert_manifest]},
{'title': 'Adding Nova Conductor manifest entries',
'functions': [create_conductor_manifest]},
{'title': 'Creating ssh keys for Nova migration',
'functions': [create_ssh_keys]},
{'title': 'Gathering ssh host keys for Nova migration',
'functions': [gather_host_keys]},
{'title': 'Adding Nova Compute manifest entries',
{'title': 'Preparing Nova Compute entries',
'functions': [create_compute_manifest]},
{'title': 'Adding Nova Scheduler manifest entries',
{'title': 'Preparing Nova Scheduler entries',
'functions': [create_sched_manifest]},
{'title': 'Adding Nova VNC Proxy manifest entries',
{'title': 'Preparing Nova VNC Proxy entries',
'functions': [create_vncproxy_manifest]},
{'title': network_title,
'functions': [network_function]},
{'title': 'Adding Nova Common manifest entries',
{'title': 'Preparing Nova Common entries',
'functions': [create_common_manifest]},
]
@ -540,8 +529,6 @@ def create_api_manifest(config, messages):
config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = None
else:
config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = "%s" % config['CONFIG_NEUTRON_METADATA_PW']
manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nova_api")
fw_details = dict()
key = "nova_api"
@ -552,27 +539,6 @@ def create_api_manifest(config, messages):
fw_details[key]['ports'] = ['8773', '8774', '8775']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NOVA_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_NOVA_API_RULES')
appendManifestFile(manifestfile, manifestdata, 'novaapi')
def create_keystone_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_nova")
appendManifestFile(manifestfile, manifestdata)
def create_cert_manifest(config, messages):
manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nova_cert")
appendManifestFile(manifestfile, manifestdata)
def create_conductor_manifest(config, messages):
manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nova_conductor")
appendManifestFile(manifestfile, manifestdata)
def create_compute_manifest(config, messages):
@ -594,8 +560,6 @@ def create_compute_manifest(config, messages):
'qemu+tcp://nova@%s/system'
)
ssh_hostkeys = ''
ssh_keys_details = {}
for host in compute_hosts:
try:
@ -617,7 +581,6 @@ def create_compute_manifest(config, messages):
ssh_keys_details[key]['type'] = host_key_type
config['SSH_KEYS'] = ssh_keys_details
ssh_hostkeys += getManifestTemplate("sshkey")
if config['CONFIG_VMWARE_BACKEND'] == 'y':
vcenters = [i.strip() for i in
@ -637,14 +600,13 @@ def create_compute_manifest(config, messages):
else:
vcenters = len(compute_hosts) * [vcenters[0]]
vmware_clusters = dict(zip(compute_hosts, vcenters))
config['CONFIG_VCENTER_CLUSTERS'] = vmware_clusters
for host in compute_hosts:
if config['CONFIG_IRONIC_INSTALL'] == 'y':
cm = 'ironic.nova.compute.manager.ClusteredComputeManager'
config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm
manifestdata = getManifestTemplate("nova_compute")
fw_details = dict()
cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
for c_host in compute_hosts:
@ -657,31 +619,8 @@ def create_compute_manifest(config, messages):
fw_details[key]['proto'] = "tcp"
config[cf_fw_qemu_mig_key] = fw_details
manifestdata += createFirewallResources(cf_fw_qemu_mig_key)
if config['CONFIG_VMWARE_BACKEND'] == 'y':
manifestdata += ("\n$nova_vcenter_cluster_name = '%s'\n" %
vmware_clusters[host])
manifestdata += getManifestTemplate("nova_compute_vmware.pp")
elif config['CONFIG_IRONIC_INSTALL'] == 'y':
manifestdata += getManifestTemplate("nova_compute_ironic.pp")
else:
manifestdata += getManifestTemplate("nova_compute_libvirt.pp")
if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
config['CONFIG_CINDER_INSTALL'] == 'y' and
'gluster' in config['CONFIG_CINDER_BACKEND']):
manifestdata += getManifestTemplate("nova_gluster")
if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
config['CONFIG_CINDER_INSTALL'] == 'y' and
'nfs' in config['CONFIG_CINDER_BACKEND']):
manifestdata += getManifestTemplate("nova_nfs")
manifestfile = "%s_nova.pp" % host
if config['CONFIG_NEUTRON_INSTALL'] != 'y':
if host not in network_hosts:
manifestdata += getManifestTemplate('nova_compute_flat')
key = 'CONFIG_NOVA_COMPUTE_PRIVIF'
if not config[key].strip():
config[key] = dummy_interface(host)
@ -711,10 +650,6 @@ def create_compute_manifest(config, messages):
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
mq_template = get_mq(config, "nova_ceilometer")
manifestdata += getManifestTemplate(mq_template)
manifestdata += getManifestTemplate("nova_ceilometer")
fw_details = dict()
key = "nova_compute"
fw_details.setdefault(key, {})
@ -725,12 +660,6 @@ def create_compute_manifest(config, messages):
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
manifestdata += "\n" + createFirewallResources(
'FIREWALL_NOVA_COMPUTE_RULES'
)
manifestdata += "\n" + ssh_hostkeys
appendManifestFile(manifestfile, manifestdata)
def create_network_manifest(config, messages):
global compute_hosts, network_hosts
@ -768,28 +697,11 @@ def create_network_manifest(config, messages):
net_size = 2 ** (32 - int(routing_prefix))
config['CONFIG_NOVA_NETWORK_FIXEDSIZE'] = str(net_size)
manifestfile = "%s_nova.pp" % host
manifestdata = getManifestTemplate("nova_network")
# Restart libvirt if we deploy nova network on compute
if host in compute_hosts:
manifestdata += getManifestTemplate("nova_network_libvirt")
# in multihost mode each compute host runs nova-api-metadata
if multihost and host != api_host and host in compute_hosts:
manifestdata += getManifestTemplate("nova_metadata")
appendManifestFile(manifestfile, manifestdata)
def create_sched_manifest(config, messages):
manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST']
if config['CONFIG_IRONIC_INSTALL'] == 'y':
manifestdata = getManifestTemplate("nova_sched_ironic.pp")
ram_alloc = '1.0'
config['CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO'] = ram_alloc
manifestdata += getManifestTemplate("nova_sched.pp")
else:
manifestdata = getManifestTemplate("nova_sched.pp")
appendManifestFile(manifestfile, manifestdata)
def create_vncproxy_manifest(config, messages):
@ -820,10 +732,6 @@ def create_vncproxy_manifest(config, messages):
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nova_vncproxy")
appendManifestFile(manifestfile, manifestdata)
def create_common_manifest(config, messages):
global compute_hosts, network_hosts
@ -834,45 +742,34 @@ def create_common_manifest(config, messages):
dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
dbacces_hosts |= network_hosts
for manifestfile, marker in manifestfiles.getFiles():
for host in filtered_hosts(config):
pw_in_sqlconn = False
if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1)
host = host.strip()
host = host.strip()
if host in compute_hosts and host not in dbacces_hosts:
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
pw_in_sqlconn = False
else:
perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
pw_in_sqlconn = True
if host in compute_hosts and host not in dbacces_hosts:
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
pw_in_sqlconn = False
else:
perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
pw_in_sqlconn = True
mariadb_host_url = config['CONFIG_MARIADB_HOST_URL']
sqlconn = "mysql+pymysql://%s@%s/nova" % (perms, mariadb_host_url)
if pw_in_sqlconn:
config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
else:
config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn
mariadb_host_url = config['CONFIG_MARIADB_HOST_URL']
sqlconn = "mysql+pymysql://%s@%s/nova" % (perms, mariadb_host_url)
if pw_in_sqlconn:
config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
else:
config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn
# for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host
if (network_type == 'nova' and network_multi and
host in compute_hosts):
metadata = host
else:
metadata = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_NOVA_METADATA_HOST'] = metadata
data = getManifestTemplate(get_mq(config, "nova_common"))
if pw_in_sqlconn:
data += getManifestTemplate("nova_common_pw")
else:
data += getManifestTemplate("nova_common_nopw")
# We need to have class nova before class nova::api, so prepend
# instead of append
prependManifestFile(os.path.split(manifestfile)[1], data)
# for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host
if (network_type == 'nova' and network_multi and
host in compute_hosts):
metadata = host
else:
metadata = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_NOVA_METADATA_HOST'] = metadata
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
nova_hosts = compute_hosts
@ -899,8 +796,3 @@ def create_neutron_manifest(config, messages):
else:
virt_driver = 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver'
config['CONFIG_NOVA_LIBVIRT_VIF_DRIVER'] = virt_driver
for manifestfile, marker in manifestfiles.getFiles():
if manifestfile.endswith("_nova.pp"):
data = getManifestTemplate("nova_neutron")
appendManifestFile(os.path.split(manifestfile)[1], data)

9
packstack/plugins/openstack_client_400.py
View File

@ -20,9 +20,6 @@ import os
from packstack.installer import utils
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import getManifestTemplate
# ------------- OpenStack Client Packstack Plugin Initialization --------------
PLUGIN_NAME = "OS-Client"
@ -44,7 +41,7 @@ def initSequences(controller):
return
osclientsteps = [
{'title': 'Adding OpenStack Client manifest entries',
{'title': 'Preparing OpenStack Client entries',
'functions': [create_manifest]}
]
controller.addSequence("Installing OpenStack Client", [], [],
@ -55,7 +52,6 @@ def initSequences(controller):
def create_manifest(config, messages):
client_host = config['CONFIG_CONTROLLER_HOST'].strip()
manifestfile = "%s_osclient.pp" % client_host
server = utils.ScriptRunner(client_host)
server.append('echo $HOME')
@ -72,9 +68,6 @@ def create_manifest(config, messages):
root_home != homedir)
config['NO_ROOT_USER_ALLINONE'] = no_root_allinone and True or False
manifestdata = getManifestTemplate("openstack_client")
appendManifestFile(manifestfile, manifestdata)
msg = ("File %s/keystonerc_admin has been created on OpenStack client host"
" %s. To use the command line tools you need to source the file.")
messages.append(msg % (root_home, client_host))

29
packstack/plugins/prescript_000.py
View File

@ -33,8 +33,6 @@ from packstack.installer import validators
from packstack.modules.common import filtered_hosts
from packstack.modules.common import is_all_in_one
from packstack.modules.documentation import update_params_usage
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import getManifestTemplate
# ------------- Prescript Packstack Plugin Initialization --------------
@ -946,7 +944,7 @@ def initSequences(controller):
'functions': [server_prep]},
{'title': 'Pre installing Puppet and discovering hosts\' details',
'functions': [preinstall_and_discover]},
{'title': 'Adding pre install manifest entries',
{'title': 'Preparing pre-install entries',
'functions': [create_manifest]},
]
@ -1458,11 +1456,6 @@ def create_manifest(config, messages):
else:
config['CONFIG_STORAGE_HOST_URL'] = config['CONFIG_STORAGE_HOST']
for hostname in filtered_hosts(config):
manifestfile = "%s_prescript.pp" % hostname
manifestdata = getManifestTemplate("prescript")
appendManifestFile(manifestfile, manifestdata)
def create_ntp_manifest(config, messages):
srvlist = [i.strip()
@ -1472,23 +1465,3 @@ def create_ntp_manifest(config, messages):
definiton = '\n'.join(['server %s' % i for i in srvlist])
config['CONFIG_NTP_SERVER_DEF'] = '%s\n' % definiton
marker = uuid.uuid4().hex[:16]
for hostname in filtered_hosts(config):
hostnfo = config['HOST_DETAILS'][hostname]
releaseos = hostnfo['operatingsystem']
releasever = hostnfo['operatingsystemmajrelease']
# Configure chrony for Fedora or RHEL/CentOS 7
if releaseos == 'Fedora' or releasever == '7':
manifestdata = getManifestTemplate('chrony')
appendManifestFile('%s_chrony.pp' % hostname,
manifestdata,
marker=marker)
# For previous versions, configure ntpd
else:
manifestdata = getManifestTemplate('ntpd')
appendManifestFile('%s_ntpd.pp' % hostname,
manifestdata,
marker=marker)

57
packstack/plugins/provision_700.py
View File

@ -22,8 +22,6 @@ from packstack.installer import validators
from packstack.installer import processors
from packstack.modules.documentation import update_params_usage
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import getManifestTemplate
# ------------- Provision Packstack Plugin Initialization --------------
@ -381,58 +379,3 @@ def initConfig(controller):
def initSequences(controller):
config = controller.CONF
if (config['CONFIG_PROVISION_DEMO'] != "y" and
config['CONFIG_PROVISION_TEMPEST'] != "y"):
return
provision_steps = [
{'title': 'Adding Provisioning manifest entries',
'functions': [create_provision_manifest]},
{'title': 'Adding Provisioning Glance manifest entries',
'functions': [create_storage_manifest]},
]
if (config['CONFIG_PROVISION_TEMPEST'] == "y" or
config['CONFIG_PROVISION_DEMO'] == "y"):
provision_steps.append(
{'title': 'Adding Provisioning Demo bridge manifest entries',
'functions': [create_bridge_manifest]}
)
if config['CONFIG_PROVISION_TEMPEST'] == "y":
provision_steps.append(
{'title': 'Adding Provisioning Tempest manifest entries',
'functions': [create_tempest_manifest]}
)
controller.addSequence("Provisioning for Demo and Testing Usage",
[], [], provision_steps)
# -------------------------- step functions --------------------------
def create_provision_manifest(config, messages):
manifest_file = '%s_provision.pp' % config['CONFIG_CONTROLLER_HOST']
manifest_data = getManifestTemplate("provision")
appendManifestFile(manifest_file, manifest_data, 'provision')
def create_bridge_manifest(config, messages):
for host in utils.split_hosts(config['CONFIG_NETWORK_HOSTS']):
manifest_file = '{}_provision_bridge.pp'.format(host)
manifest_data = getManifestTemplate("provision_bridge")
appendManifestFile(manifest_file, manifest_data, 'bridge')
def create_storage_manifest(config, messages):
if config['CONFIG_GLANCE_INSTALL'] == 'y':
template = "provision_glance"
manifest_file = '%s_provision_glance' % config['CONFIG_STORAGE_HOST']
manifest_data = getManifestTemplate(template)
appendManifestFile(manifest_file, manifest_data, 'provision')
def create_tempest_manifest(config, messages):
manifest_file = ('%s_provision_tempest.pp' %
config['CONFIG_TEMPEST_HOST'])
manifest_data = getManifestTemplate("provision_tempest")
appendManifestFile(manifest_file, manifest_data, 'tempest')

26
packstack/plugins/puppet_950.py
View File

@ -25,9 +25,12 @@ from packstack.installer import utils
from packstack.installer import basedefs
from packstack.installer.exceptions import PuppetError
from packstack.installer.exceptions import ScriptRuntimeError
from packstack.installer.utils import split_hosts
from packstack.modules.common import filtered_hosts
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import generateHieraDataFile
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import manifestfiles
from packstack.modules.puppet import validate_logfile
from packstack.modules.puppet import scan_logfile
@ -61,6 +64,8 @@ def initSequences(controller):
controller.insertSequence("Clean Up", [], [], puppetpresteps, index=0)
puppetsteps = [
{'title': 'Preparing Puppet manifests',
'functions': [prepare_puppet_modules]},
{'title': 'Copying Puppet modules and manifests',
'functions': [copy_puppet_modules]},
{'title': 'Applying Puppet manifests',
@ -237,10 +242,29 @@ def apply_puppet_manifest(config, messages):
server.append(cmd)
server.execute(log=logcmd)
# wait for outstanding puppet runs befor exiting
# wait for outstanding puppet runs before exiting
wait_for_puppet(currently_running, messages)
def prepare_puppet_modules(config, messages):
network_hosts = split_hosts(config['CONFIG_NETWORK_HOSTS'])
compute_hosts = split_hosts(config['CONFIG_COMPUTE_HOSTS'])
manifestdata = getManifestTemplate("controller")
manifestfile = "%s_controller.pp" % config['CONFIG_CONTROLLER_HOST']
appendManifestFile(manifestfile, manifestdata, marker='controller')
for host in network_hosts:
manifestdata = getManifestTemplate("network")
manifestfile = "%s_network.pp" % host
appendManifestFile(manifestfile, manifestdata, marker='network')
for host in compute_hosts:
manifestdata = getManifestTemplate("compute")
manifestfile = "%s_compute.pp" % host
appendManifestFile(manifestfile, manifestdata, marker='compute')
def finalize(config, messages):
for hostname in filtered_hosts(config):
server = utils.ScriptRunner(hostname)

27
packstack/plugins/sahara_900.py
View File

@ -22,10 +22,6 @@ from packstack.installer import validators
from packstack.installer import processors
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------------ Sahara installer initialization ------------------
@ -78,25 +74,17 @@ def initSequences(controller):
return
saharasteps = [
{"title": "Adding Sahara Keystone manifest entries",
"functions": [create_keystone_manifest]},
{"title": "Adding Sahara manifest entries",
{"title": "Preparing Sahara entries",
"functions": [create_manifest]},
]
controller.addSequence("Installing Sahara", [], [], saharasteps)
# -------------------------- step functions --------------------------
def create_keystone_manifest(config, messages):
def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_SAHARA_HOST'] = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_keystone.pp" % config['CONFIG_SAHARA_HOST']
manifestdata = getManifestTemplate("keystone_sahara")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_SAHARA_HOST']
ssl_cert_file = config['CONFIG_SAHARA_SSL_CERT'] = (
@ -109,12 +97,6 @@ def create_manifest(config, messages):
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate(get_mq(config, "sahara"))
manifestdata += getManifestTemplate("sahara.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('sahara_ceilometer')
fw_details = dict()
key = "sahara-api"
fw_details.setdefault(key, {})
@ -124,6 +106,3 @@ def create_manifest(config, messages):
fw_details[key]["ports"] = ["8386"]
fw_details[key]["proto"] = "tcp"
config["FIREWALL_SAHARA_CFN_RULES"] = fw_details
manifestdata += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")
appendManifestFile(manifestfile, manifestdata, marker='sahara')

5
packstack/plugins/ssl_001.py
View File

@ -215,8 +215,9 @@ def create_self_signed_cert(config, messages):
# for now hardcoded place for landing CACert file on servers
config['CONFIG_SSL_CACERT'] = '/etc/pki/tls/certs/packstack_cacert.crt'
if (config['CONFIG_AMQP_ENABLE_SSL'] != 'y' and
config["CONFIG_HORIZON_SSL"] != 'y'):
# if (config['CONFIG_AMQP_ENABLE_SSL'] != 'y' and
# config["CONFIG_HORIZON_SSL"] != 'y'):
if config['CONFIG_AMQP_ENABLE_SSL'] != 'y':
return
config['CONFIG_SSL_CERT_DIR'] = os.path.expanduser(

104
packstack/plugins/swift_600.py
View File

@ -16,7 +16,6 @@
Installs and configures Swift
"""
import os
import re
import uuid
import netaddr
@ -29,10 +28,6 @@ from packstack.installer import utils
from packstack.installer.utils import split_hosts
from packstack.modules.documentation import update_params_usage
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import manifestfiles
# ------------- Swift Packstack Plugin Initialization --------------
@ -146,16 +141,12 @@ def initSequences(controller):
return
steps = [
{'title': 'Adding Swift Keystone manifest entries',
'functions': [create_keystone_manifest]},
{'title': 'Adding Swift builder manifest entries',
{'title': 'Preparing Swift builder entries',
'functions': [create_builder_manifest]},
{'title': 'Adding Swift storage manifest entries',
'functions': [create_storage_manifest]},
{'title': 'Adding Swift common manifest entries',
'functions': [create_common_manifest]},
{'title': 'Adding Swift proxy manifest entries',
{'title': 'Preparing Swift proxy entries',
'functions': [create_proxy_manifest]},
{'title': 'Preparing Swift storage entries',
'functions': [create_storage_manifest]},
]
controller.addSequence("Installing OpenStack Swift", [], [], steps)
@ -207,6 +198,9 @@ def parse_devices(config):
if not devices:
devices.append({'device': None, 'zone': 1,
'device_name': 'swiftloopback'})
config['CONFIG_SWIFT_LOOPBACK'] = 'y'
else:
config['CONFIG_SWIFT_LOOPBACK'] = 'n'
return devices
@ -245,17 +239,10 @@ def get_storage_size(config):
# -------------------------- step functions --------------------------
def create_keystone_manifest(config, messages):
# parse devices in first step
global devices
devices = parse_devices(config)
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_swift")
appendManifestFile(manifestfile, manifestdata)
def create_builder_manifest(config, messages):
global devices
devices = parse_devices(config)
# The ring file should be built and distributed before the storage services
# come up. Specifically the replicator crashes if the ring isn't present
@ -267,28 +254,28 @@ def create_builder_manifest(config, messages):
' weight => 10, }\n')
return fmt % (dev_type, host, dev_port, devicename, zone)
manifestfile = "%s_ring_swift.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("swift_builder")
# Add each device to the ring
devicename = 0
for device in devices:
host = config['CONFIG_STORAGE_HOST_URL']
devicename = device['device_name']
zone = device['zone']
for dev_type, dev_port in [('ring_object_device', 6000),
('ring_container_device', 6001),
('ring_account_device', 6002)]:
manifestdata += device_def(dev_type, host, dev_port, devicename,
zone)
appendManifestFile(manifestfile, manifestdata, 'swiftbuilder')
for configkey, dev_type, dev_port in (
[('SWIFT_RING_OBJECT_DEVICES', 'ring_object_device', 6000),
('SWIFT_RING_CONTAINER_DEVICES', 'ring_container_device', 6001),
('SWIFT_RING_ACCOUNT_DEVICES', 'ring_account_device', 6002)]):
swift_dev_details = dict()
host = utils.force_ip(config['CONFIG_STORAGE_HOST_URL'])
fstype = config["CONFIG_SWIFT_STORAGE_FSTYPE"]
for device in devices:
devicename = device['device_name']
key = "dev_%s_%s" % (host, devicename)
swift_dev_details.setdefault(key, {})
zone = device['zone']
swift_dev_details[key]['name'] = "%s:%s/%s" % (host, dev_port,
devicename)
swift_dev_details[key]['weight'] = "%s" % 10
swift_dev_details[key]['zone'] = "%s" % zone
config[configkey] = swift_dev_details
def create_proxy_manifest(config, messages):
manifestfile = "%s_swift.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("swift_proxy")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate("swift_ceilometer_rabbitmq")
fw_details = dict()
key = "swift_proxy"
fw_details.setdefault(key, {})
@ -299,31 +286,28 @@ def create_proxy_manifest(config, messages):
fw_details[key]['proto'] = "tcp"
config['FIREWALL_SWIFT_PROXY_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_SWIFT_PROXY_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_storage_manifest(config, messages):
global devices
manifestfile = "%s_swift.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("swift_storage")
devicename = 0
swift_dev_details = dict()
host = utils.force_ip(config['CONFIG_STORAGE_HOST_URL'])
fstype = config["CONFIG_SWIFT_STORAGE_FSTYPE"]
# this need to happen once per storage device
for device in devices:
host = config['CONFIG_STORAGE_HOST']
devicename = device['device_name']
device = device['device']
fstype = config["CONFIG_SWIFT_STORAGE_FSTYPE"]
if device:
check_device(host, device)
manifestdata += ('\nswift::storage::%s { "%s":\n'
' device => "%s",\n}\n'
% (fstype, devicename, device))
else:
# create loopback device if none was specified
if device['device'] is None:
config['CONFIG_SWIFT_STORAGE_SEEK'] = get_storage_size(config)
manifestdata += "\n" + getManifestTemplate("swift_loopback")
else:
devicename = device['device_name']
devicedev = device['device']
key = "dev_%s_%s" % (host, devicename)
swift_dev_details.setdefault(key, {})
swift_dev_details[key]['device'] = "%s" % devicename
swift_dev_details[key]['dev'] = "%s" % devicedev
swift_dev_details[key]['fstype'] = "%s" % fstype
config['CONFIG_SWIFT_STORAGE_DEVICES'] = swift_dev_details
# set allowed hosts for firewall
hosts = set([config['CONFIG_STORAGE_HOST']])
@ -340,13 +324,3 @@ def create_storage_manifest(config, messages):
fw_details[key]['ports'] = ['6000', '6001', '6002', '873']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_SWIFT_STORAGE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_SWIFT_STORAGE_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_common_manifest(config, messages):
for manifestfile, marker in manifestfiles.getFiles():
if manifestfile.endswith("_swift.pp"):
data = getManifestTemplate("swift_common")
appendManifestFile(os.path.split(manifestfile)[1], data)

26
packstack/plugins/trove_850.py
View File

@ -22,10 +22,6 @@ from packstack.installer import validators
from packstack.installer import processors
from packstack.modules.documentation import update_params_usage
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------------ Trove Packstack Plugin initialization ------------------
@ -126,23 +122,14 @@ def initSequences(controller):
return
steps = [
{'title': 'Adding Trove Keystone manifest entries',
'functions': [create_keystone_manifest]},
{'title': 'Adding Trove manifest entries',
'functions': [create_manifest]},
{'title': 'Preparing Trove entries',
'functions': [create_manifest]}
]
controller.addSequence("Installing Trove", [], [], steps)
# ------------------------ step functions --------------------------
def create_keystone_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone_trove.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_TROVE_SSL_CERT'] = (
@ -160,10 +147,6 @@ def create_manifest(config, messages):
config['CONFIG_TROVE_NOVA_PW'] == ''):
config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_TROVE_KS_PW']
manifestfile = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
manifestdata = getManifestTemplate(get_mq(config, "trove"))
manifestdata += getManifestTemplate('trove.pp')
fw_details = dict()
key = "trove"
fw_details.setdefault(key, {})
@ -173,6 +156,3 @@ def create_manifest(config, messages):
fw_details[key]['ports'] = ['8779']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_TROVE_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_TROVE_API_RULES')
appendManifestFile(manifestfile, manifestdata, marker='trove')

55
packstack/puppet/templates/amqp.pp → packstack/puppet/modules/packstack/manifests/amqp.pp
View File

@ -1,17 +1,8 @@
$amqp = hiera('CONFIG_AMQP_BACKEND')
$amqp_enable_ssl = hiera('CONFIG_AMQP_SSL_ENABLED')
case $amqp {
'rabbitmq': {
enable_rabbitmq { 'rabbitmq': }
}
default: {}
}
define enable_rabbitmq {
create_resources(packstack::firewall, hiera('FIREWALL_AMQP_RULES', {}))
$amqp_enable_ssl = hiera('CONFIG_AMQP_SSL_ENABLED')
if $::amqp_enable_ssl {
if $amqp_enable_ssl {
$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
$kombu_ssl_keyfile = '/etc/pki/tls/private/ssl_amqp.key'
$kombu_ssl_certfile = '/etc/pki/tls/certs/ssl_amqp.crt'
@ -28,7 +19,7 @@ define enable_rabbitmq {
port => undef,
ssl_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
ssl_only => true,
ssl => $::amqp_enable_ssl,
ssl => true,
ssl_cacert => $kombu_ssl_ca_certs,
ssl_cert => $kombu_ssl_certfile,
ssl_key => $kombu_ssl_keyfile,
@ -40,22 +31,22 @@ define enable_rabbitmq {
# FIXME: it's ugly to not to require client certs
ssl_fail_if_no_peer_cert => true,
config_variables => {
'tcp_listen_options' => '[binary,{packet, raw},{reuseaddr, true},{backlog, 128},{nodelay, true},{exit_on_close, false},{keepalive, true}]',
'loopback_users' => '[]',
'tcp_listen_options' => '[binary,{packet, raw},{reuseaddr, true},{backlog, 128},{nodelay, true},{exit_on_close, false},{keepalive, true}]',
'loopback_users' => '[]',
},
}
} else {
class { '::rabbitmq':
port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
ssl => $::amqp_enable_ssl,
ssl => false,
default_user => hiera('CONFIG_AMQP_AUTH_USER'),
default_pass => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
package_provider => 'yum',
repos_ensure => false,
admin_enable => false,
config_variables => {
'tcp_listen_options' => '[binary,{packet, raw},{reuseaddr, true},{backlog, 128},{nodelay, true},{exit_on_close, false},{keepalive, true}]',
'loopback_users' => '[]',
'tcp_listen_options' => '[binary,{packet, raw},{reuseaddr, true},{backlog, 128},{nodelay, true},{exit_on_close, false},{keepalive, true}]',
'loopback_users' => '[]',
},
}
}
@ -68,5 +59,31 @@ define enable_rabbitmq {
group => 'rabbitmq',
mode => '0640',
}
}
class packstack::amqp ()
{
$amqp = hiera('CONFIG_AMQP_BACKEND')
case $amqp {
'rabbitmq': {
enable_rabbitmq { 'rabbitmq': }
# The following kernel parameters help alleviate some RabbitMQ
# connection issues
sysctl::value { 'net.ipv4.tcp_keepalive_intvl':
value => '1',
}
sysctl::value { 'net.ipv4.tcp_keepalive_probes':
value => '5',
}
sysctl::value { 'net.ipv4.tcp_keepalive_time':
value => '5',
}
}
default: {}
}
}

36
packstack/puppet/modules/packstack/manifests/aodh.pp Normal file
View File

@ -0,0 +1,36 @@
class packstack::aodh ()
{
create_resources(packstack::firewall, hiera('FIREWALL_AODH_RULES', {}))
$config_aodh_coordination_backend = hiera('CONFIG_CEILOMETER_COORDINATION_BACKEND')
if $config_aodh_coordination_backend == 'redis' {
$redis_host = hiera('CONFIG_REDIS_HOST_URL')
$redis_port = hiera('CONFIG_REDIS_PORT')
$coordination_url = "redis://${redis_host}:${redis_port}"
} else {
$coordination_url = ''
}
class { '::aodh::api':
enabled => true,
keystone_password => hiera('CONFIG_AODH_KS_PW'),
keystone_identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
service_name => 'httpd',
}
class { '::aodh::wsgi::apache':
workers => hiera('CONFIG_SERVICE_WORKERS'),
ssl => false
}
class { '::aodh::auth':
auth_password => hiera('CONFIG_AODH_KS_PW'),
}
class { '::aodh::evaluator':
coordination_url => $coordination_url,
}
class { '::aodh::notifier': }
class { '::aodh::listener': }
class { '::aodh::client': }
}

32
packstack/puppet/modules/packstack/manifests/aodh/rabbitmq.pp Normal file
View File

@ -0,0 +1,32 @@
class packstack::aodh::rabbitmq ()
{
$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
$kombu_ssl_keyfile = hiera('CONFIG_AODH_SSL_KEY', undef)
$kombu_ssl_certfile = hiera('CONFIG_AODH_SSL_CERT', undef)
if $kombu_ssl_keyfile {
$files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
file { $files_to_set_owner:
owner => 'aodh',
group => 'aodh',
require => Package['openstack-aodh-common'],
}
File[$files_to_set_owner] ~> Service<| tag == 'aodh-service' |>
}
$config_mongodb_host = hiera('CONFIG_MONGODB_HOST_URL')
class { '::aodh':
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
kombu_ssl_keyfile => $kombu_ssl_keyfile,
kombu_ssl_certfile => $kombu_ssl_certfile,
database_connection => "mongodb://${config_mongodb_host}:27017/aodh",
}
}

33
packstack/puppet/modules/packstack/manifests/apache.pp Normal file
View File

@ -0,0 +1,33 @@
class packstack::apache ()
{
include ::apache
if hiera('CONFIG_HORIZON_SSL') == 'y' {
ensure_packages(['mod_ssl'], {'ensure' => 'present'})
Package['mod_ssl'] -> Class['::apache']
apache::listen { '443': }
}
# Keystone port
apache::listen { '5000': }
# Keystone admin port
apache::listen { '35357': }
if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
if hiera('CONFIG_CEILOMETER_SERVICE_NAME') == 'httpd' {
# Ceilometer port
apache::listen { '8777': }
}
}
if hiera('CONFIG_AODH_INSTALL') == 'y' {
# Aodh port
apache::listen { '8042': }
}
if hiera('CONFIG_GNOCCHI_INSTALL') == 'y' {
# Gnocchi port
apache::listen { '8041': }
}
}

80
packstack/puppet/modules/packstack/manifests/ceilometer.pp Normal file
View File

@ -0,0 +1,80 @@
class packstack::ceilometer ()
{
create_resources(packstack::firewall, hiera('FIREWALL_CEILOMETER_RULES', {}))
$config_mongodb_host = hiera('CONFIG_MONGODB_HOST_URL')
$config_ceilometer_coordination_backend = hiera('CONFIG_CEILOMETER_COORDINATION_BACKEND')
$config_ceilometer_metering_backend = hiera('CONFIG_CEILOMETER_METERING_BACKEND')
$config_gnocchi_host = hiera('CONFIG_KEYSTONE_HOST_URL')
if $config_ceilometer_coordination_backend == 'redis' {
$redis_host = hiera('CONFIG_REDIS_HOST_URL')
$redis_port = hiera('CONFIG_REDIS_PORT')
$coordination_url = "redis://${redis_host}:${redis_port}"
ensure_packages(['python-redis'], {'ensure' => 'present'})
} else {
$coordination_url = ''
}
if hiera('CONFIG_CEILOMETER_SERVICE_NAME') == 'ceilometer' {
$ceilometer_service_name = 'openstack-ceilometer-api'
} else {
$ceilometer_service_name = 'httpd'
}
class { '::ceilometer::db':
database_connection => "mongodb://${config_mongodb_host}:27017/ceilometer",
}
class { '::ceilometer::collector':
meter_dispatcher => $config_ceilometer_metering_backend,
}
if $config_ceilometer_metering_backend == 'gnocchi' {
include ::gnocchi::client
class { '::ceilometer::dispatcher::gnocchi':
filter_service_activity => false,
url => "http://${config_gnocchi_host}:8041",
archive_policy => 'high',
resources_definition_file => 'gnocchi_resources.yaml',
}
}
class { '::ceilometer::agent::notification': }
class { '::ceilometer::agent::auth':
auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
auth_password => hiera('CONFIG_CEILOMETER_KS_PW'),
auth_region => hiera('CONFIG_KEYSTONE_REGION'),
}
class { '::ceilometer::agent::central':
coordination_url => $coordination_url,
}
$bind_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '::0',
default => '0.0.0.0',
# TO-DO(mmagr): Add IPv6 support when hostnames are used
}
class { '::ceilometer::api':
host => $bind_host,
keystone_auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
keystone_identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
keystone_password => hiera('CONFIG_CEILOMETER_KS_PW'),
api_workers => hiera('CONFIG_SERVICE_WORKERS'),
service_name => $ceilometer_service_name,
}
if $ceilometer_service_name == 'httpd' {
class { '::ceilometer::wsgi::apache':
ssl => false,
}
}
}

8
packstack/puppet/modules/packstack/manifests/ceilometer/nova_disabled.pp Normal file
View File

@ -0,0 +1,8 @@
class packstack::ceilometer::nova_disabled ()
{
group { 'nova':
ensure => present,
}
Group['nova'] -> Class['ceilometer']
}

30
packstack/puppet/modules/packstack/manifests/ceilometer/rabbitmq.pp Normal file
View File

@ -0,0 +1,30 @@
class packstack::ceilometer::rabbitmq ()
{
$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
$kombu_ssl_keyfile = hiera('CONFIG_CEILOMETER_SSL_KEY', undef)
$kombu_ssl_certfile = hiera('CONFIG_CEILOMETER_SSL_CERT', undef)
if $kombu_ssl_keyfile {
$files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
file { $files_to_set_owner:
owner => 'ceilometer',
group => 'ceilometer',
require => Package['openstack-ceilometer-common'],
}
File[$files_to_set_owner] ~> Service<| tag == 'ceilometer-service' |>
}
class { '::ceilometer':
metering_secret => hiera('CONFIG_CEILOMETER_SECRET'),
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
kombu_ssl_keyfile => $kombu_ssl_keyfile,
kombu_ssl_certfile => $kombu_ssl_certfile,
}
}

101
packstack/puppet/modules/packstack/manifests/chrony.pp Normal file
View File

@ -0,0 +1,101 @@
class packstack::chrony ()
{
$cfg_ntp_server_def = hiera('CONFIG_NTP_SERVER_DEF')
$cfg_ntp_servers = hiera('CONFIG_NTP_SERVERS')
$config_content = "
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
${cfg_ntp_server_def}
# Ignore stratum in source selection.
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3
# Allow NTP client access from local network.
#allow 192.168/16
# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
# Serve time even if not synchronized to any NTP server.
#local stratum 10
keyfile /etc/chrony.keys
# Specify the key used as password for chronyc.
commandkey 1
# Generate command key if missing.
generatecommandkey
# Disable logging of client accesses.
noclientlog
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
logdir /var/log/chrony
#log measurements statistics tracking
"
package { 'chrony':
ensure => 'installed',
name => 'chrony',
}
package { 'ntpdate':
ensure => 'installed',
name => 'ntpdate',
}
file { 'chrony_conf':
ensure => file,
path => '/etc/chrony.conf',
mode => '0644',
content => $config_content,
}
exec { 'stop-chronyd':
path => '/bin:/usr/bin:/sbin:/usr/sbin',
command => 'systemctl stop chronyd.service',
onlyif => 'systemctl status chronyd.service'
}
# for cases where ntpd is running instead of default chronyd
service { 'ntpd':
ensure => stopped,
enable => false,
}
exec { 'ntpdate':
command => "/usr/sbin/ntpdate ${cfg_ntp_servers}",
tries => 3,
}
service { 'chronyd':
ensure => running,
enable => true,
name => 'chronyd',
hasstatus => true,
hasrestart => true,
}
Package['chrony'] ->
Package['ntpdate'] ->
File['chrony_conf'] ->
Exec['stop-chronyd'] ->
Service['ntpd'] ->
Exec['ntpdate'] ->
Service['chronyd']
}

61
packstack/puppet/modules/packstack/manifests/cinder.pp Normal file
View File

@ -0,0 +1,61 @@
class packstack::cinder ()
{
create_resources(packstack::firewall, hiera('FIREWALL_CINDER_RULES', {}))
create_resources(packstack::firewall, hiera('FIREWALL_CINDER_API_RULES', {}))
cinder_config {
'DEFAULT/glance_host': value => hiera('CONFIG_STORAGE_HOST_URL');
}
$bind_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '::0',
default => '0.0.0.0',
# TO-DO(mmagr): Add IPv6 support when hostnames are used
}
$cinder_keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','')
class { '::cinder::api':
bind_host => $bind_host,
keystone_password => hiera('CONFIG_CINDER_KS_PW'),
keystone_tenant => 'services',
keystone_user => 'cinder',
auth_uri => $cinder_keystone_url,
identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
nova_catalog_info => 'compute:nova:publicURL',
nova_catalog_admin_info => 'compute:nova:adminURL',
service_workers => hiera('CONFIG_SERVICE_WORKERS'),
}
class { '::cinder::scheduler': }
class { '::cinder::volume': }
class { '::cinder::client': }
$cinder_keystone_admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
$cinder_keystone_admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW')
$cinder_keystone_auth_url = hiera('CONFIG_KEYSTONE_PUBLIC_URL')
$cinder_keystone_api = hiera('CONFIG_KEYSTONE_API_VERSION')
# Cinder::Type requires keystone credentials
Cinder::Type {
os_password => hiera('CONFIG_CINDER_KS_PW'),
os_tenant_name => 'services',
os_username => 'cinder',
os_auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
}
class { '::cinder::backends':
enabled_backends => hiera_array('CONFIG_CINDER_BACKEND'),
}
$db_purge = hiera('CONFIG_CINDER_DB_PURGE_ENABLE')
if $db_purge {
class { '::cinder::cron::db_purge':
hour => '*/24',
destination => '/dev/null',
age => 1
}
}
}

16
packstack/puppet/modules/packstack/manifests/cinder/backend/gluster.pp Normal file
View File

@ -0,0 +1,16 @@
class packstack::cinder::backend::gluster ()
{
ensure_packages(['glusterfs-fuse'], {'ensure' => 'present'})
cinder::backend::glusterfs { 'gluster':
glusterfs_shares => hiera_array('CONFIG_CINDER_GLUSTER_MOUNTS'),
require => Package['glusterfs-fuse'],
glusterfs_shares_config => '/etc/cinder/glusterfs_shares.conf',
}
cinder::type { 'glusterfs':
set_key => 'volume_backend_name',
set_value => 'gluster',
require => Class['cinder::api'],
}
}

96
packstack/puppet/modules/packstack/manifests/cinder/backend/lvm.pp Normal file
View File

@ -0,0 +1,96 @@
class packstack::cinder::backend::lvm ()
{
$create_cinder_volume = hiera('CONFIG_CINDER_VOLUMES_CREATE')
if $create_cinder_volume == 'y' {
# Find an available loop device
$loop_dev = chomp(generate('/usr/sbin/losetup', '-f'))
class { '::cinder::setup_test_volume':
size => hiera('CONFIG_CINDER_VOLUMES_SIZE'),
loopback_device => $loop_dev,
volume_path => '/var/lib/cinder',
volume_name => 'cinder-volumes',
}
# Add loop device on boot
$el_releases = ['RedHat', 'CentOS', 'Scientific']
if $::operatingsystem in $el_releases and (versioncmp($::operatingsystemmajrelease, '7') < 0) {
file_line{ 'rc.local_losetup_cinder_volume':
path => '/etc/rc.d/rc.local',
match => '^.*/var/lib/cinder/cinder-volumes.*$',
line => 'losetup -f /var/lib/cinder/cinder-volumes && service openstack-cinder-volume restart',
}
file { '/etc/rc.d/rc.local':
mode => '0755',
}
} else {
file { 'openstack-losetup':
path => '/usr/lib/systemd/system/openstack-losetup.service',
before => Service['openstack-losetup'],
notify => Exec['reload systemd files for cinder-volume'],
content => '[Unit]
Description=Setup cinder-volume loop device
DefaultDependencies=false
Before=openstack-cinder-volume.service
After=local-fs.target
[Service]
Type=oneshot
ExecStart=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/cinder-volumes | /usr/bin/grep /var/lib/cinder/cinder-volumes || /usr/sbin/losetup -f /var/lib/cinder/cinder-volumes\'
ExecStop=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/cinder-volumes | /usr/bin/cut -d : -f 1 | /usr/bin/xargs /usr/sbin/losetup -d\'
TimeoutSec=60
RemainAfterExit=yes
[Install]
RequiredBy=openstack-cinder-volume.service',
}
exec { 'reload systemd files for cinder-volume':
command => '/usr/bin/systemctl daemon-reload',
refreshonly => true,
before => Service['openstack-losetup'],
}
service { 'openstack-losetup':
ensure => running,
enable => true,
require => Class['cinder::setup_test_volume'],
}
}
}
else {
ensure_packages(['lvm2'], {'ensure' => 'present'})
}
file_line { 'snapshot_autoextend_threshold':
path => '/etc/lvm/lvm.conf',
match => '^\s*snapshot_autoextend_threshold +=.*',
line => ' snapshot_autoextend_threshold = 80',
require => Package['lvm2'],
}
file_line { 'snapshot_autoextend_percent':
path => '/etc/lvm/lvm.conf',
match => '^\s*snapshot_autoextend_percent +=.*',
line => ' snapshot_autoextend_percent = 20',
require => Package['lvm2'],
}
cinder::backend::iscsi { 'lvm':
iscsi_ip_address => hiera('CONFIG_STORAGE_HOST_URL'),
require => Package['lvm2'],
}
cinder::type { 'iscsi':
set_key => 'volume_backend_name',
set_value => 'lvm',
require => Class['cinder::api'],
}
}

133
packstack/puppet/modules/packstack/manifests/cinder/backend/netapp.pp Normal file
View File

@ -0,0 +1,133 @@
# Copyright (c) 2014, Ryan Hefner. All rights reserved.
class packstack::cinder::backend::netapp ()
{
$netapp_storage_family = hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY')
$netapp_storage_protocol = hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL')
$netapp_backend_name = 'netapp'
if $netapp_storage_family == 'ontap_cluster' {
if $netapp_storage_protocol == 'nfs' {
cinder::backend::netapp { $netapp_backend_name:
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'),
expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'),
thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'),
thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'),
nfs_shares => hiera_array('CONFIG_CINDER_NETAPP_NFS_SHARES'),
nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'),
}
ensure_packages(['nfs-utils'], {'ensure' => 'present'})
}
elsif $netapp_storage_protocol == 'iscsi' {
cinder::backend::netapp { $netapp_backend_name:
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'),
}
ensure_packages(['iscsi-initiator-utils'], {'ensure' => 'present'})
}
elsif $netapp_storage_protocol == 'fc' {
cinder::backend::netapp { $netapp_backend_name:
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'),
}
}
}
elsif $netapp_storage_family == 'ontap_7mode' {
if $netapp_storage_protocol == 'nfs' {
cinder::backend::netapp { $netapp_backend_name:
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'),
thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'),
thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'),
nfs_shares => hiera_array('CONFIG_CINDER_NETAPP_NFS_SHARES'),
nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'),
}
ensure_packages(['nfs-utils'], {'ensure' => 'present'})
}
elsif $netapp_storage_protocol == 'iscsi' {
cinder::backend::netapp { $netapp_backend_name:
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vfiler => hiera('CONFIG_CINDER_NETAPP_VFILER'),
netapp_volume_list => hiera('CONFIG_CINDER_NETAPP_VOLUME_LIST'),
}
ensure_packages(['iscsi-initiator-utils'], {'ensure' => 'present'})
}
elsif $netapp_storage_protocol == 'fc' {
cinder::backend::netapp { $netapp_backend_name:
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vfiler => hiera('CONFIG_CINDER_NETAPP_VFILER'),
netapp_partner_backend_name => hiera('CONFIG_CINDER_NETAPP_PARTNER_BACKEND_NAME'),
netapp_volume_list => hiera('CONFIG_CINDER_NETAPP_VOLUME_LIST'),
}
}
}
elsif $netapp_storage_family == 'eseries' {
cinder::backend::netapp { $netapp_backend_name:
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_controller_ips => hiera('CONFIG_CINDER_NETAPP_CONTROLLER_IPS'),
netapp_sa_password => hiera('CONFIG_CINDER_NETAPP_SA_PASSWORD'),
netapp_storage_pools => hiera('CONFIG_CINDER_NETAPP_STORAGE_POOLS'),
netapp_eseries_host_type => hiera('CONFIG_CINDER_NETAPP_ESERIES_HOST_TYPE'),
netapp_webservice_path => hiera('CONFIG_CINDER_NETAPP_WEBSERVICE_PATH'),
}
ensure_packages(['iscsi-initiator-utils'], {'ensure' => 'present'})
}
cinder::type { $netapp_backend_name:
set_key => 'volume_backend_name',
set_value => $netapp_backend_name,
require => Class['cinder::api'],
}
}

16
packstack/puppet/modules/packstack/manifests/cinder/backend/nfs.pp Normal file
View File

@ -0,0 +1,16 @@
class packstack::cinder::backend::nfs ()
{
ensure_packages(['nfs-utils'], {'ensure' => 'present'})
cinder::backend::nfs { 'nfs':
nfs_servers => hiera_array('CONFIG_CINDER_NFS_MOUNTS'),
require => Package['nfs-utils'],
nfs_shares_config => '/etc/cinder/nfs_shares.conf',
}
cinder::type { 'nfs':
set_key => 'volume_backend_name',
set_value => 'nfs',
require => Class['cinder::api'],
}
}

20
packstack/puppet/modules/packstack/manifests/cinder/backend/solidfire.pp Normal file
View File

@ -0,0 +1,20 @@
# Copyright (c) 2016, Edward Balduf. All rights reserved.
class packstack::cinder::backend::solidfire ()
{
$solidfire_backend_name = 'solidfire'
cinder::backend::solidfire { $solidfire_backend_name :
san_ip => hiera('CONFIG_CINDER_SOLIDFIRE_LOGIN'),
san_login => hiera('CONFIG_CINDER_SOLIDFIRE_PASSWORD'),
san_password => hiera('CONFIG_CINDER_SOLIDFIRE_HOSTNAME'),
volume_backend_name => $solidfire_backend_name,
}
ensure_packages(['iscsi-initiator-utils'], {'ensure' => 'present'})
cinder::type { $solidfire_backend_name:
set_key => 'volume_backend_name',
set_value => $solidfire_backend_name,
require => Class['cinder::api'],
}
}

14
packstack/puppet/modules/packstack/manifests/cinder/backend/vmdk.pp Normal file
View File

@ -0,0 +1,14 @@
class packstack::cinder::backend::vmdk ()
{
cinder::backend::vmdk { 'vmdk':
host_ip => hiera('CONFIG_VCENTER_HOST'),
host_username => hiera('CONFIG_VCENTER_USER'),
host_password => hiera('CONFIG_VCENTER_PASSWORD'),
}
cinder::type { 'vmdk':
set_key => 'volume_backend_name',
set_value => 'vmdk',
require => Class['cinder::api'],
}
}

12
packstack/puppet/modules/packstack/manifests/cinder/backup.pp Normal file
View File

@ -0,0 +1,12 @@
class packstack::cinder::backup ()
{
class { '::cinder::backup': }
$cinder_backup_conf_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
class { '::cinder::backup::swift':
backup_swift_url => "http://${cinder_backup_conf_ctrl_host}:8080/v1/AUTH_",
}
Class['cinder::api'] ~> Service['cinder-backup']
}

4
packstack/puppet/modules/packstack/manifests/cinder/ceilometer.pp Normal file
View File

@ -0,0 +1,4 @@
class packstack::cinder::ceilometer ()
{
class { '::cinder::ceilometer': }
}

33
packstack/puppet/modules/packstack/manifests/cinder/rabbitmq.pp Normal file
View File

@ -0,0 +1,33 @@
class packstack::cinder::rabbitmq ()
{
$cinder_rab_cfg_cinder_db_pw = hiera('CONFIG_CINDER_DB_PW')
$cinder_rab_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
$kombu_ssl_keyfile = hiera('CONFIG_CINDER_SSL_KEY', undef)
$kombu_ssl_certfile = hiera('CONFIG_CINDER_SSL_CERT', undef)
if $kombu_ssl_keyfile {
$files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
file { $files_to_set_owner:
owner => 'cinder',
group => 'cinder',
require => Class['cinder'],
notify => Service['cinder-api'],
}
}
class { '::cinder':
rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
database_connection => "mysql+pymysql://cinder:${cinder_rab_cfg_cinder_db_pw}@${cinder_rab_cfg_mariadb_host}/cinder",
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
kombu_ssl_keyfile => $kombu_ssl_keyfile,
kombu_ssl_certfile => $kombu_ssl_certfile,
}
}

51
packstack/puppet/modules/packstack/manifests/glance.pp Normal file
View File

@ -0,0 +1,51 @@
class packstack::glance ()
{
create_resources(packstack::firewall, hiera('FIREWALL_GLANCE_RULES', {}))
$glance_ks_pw = hiera('CONFIG_GLANCE_DB_PW')
$glance_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
$glance_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
# glance option bind_host requires address without brackets
$bind_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '::0',
default => '0.0.0.0',
# TO-DO(mmagr): Add IPv6 support when hostnames are used
}
# magical hack for magical config - glance option registry_host requires brackets
$registry_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '[::0]',
default => '0.0.0.0',
# TO-DO(mmagr): Add IPv6 support when hostnames are used
}
class { '::glance::api':
bind_host => $bind_host,
registry_host => $registry_host,
auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => hiera('CONFIG_GLANCE_KS_PW'),
pipeline => 'keystone',
database_connection => "mysql+pymysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance",
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
os_region_name => hiera('CONFIG_KEYSTONE_REGION'),
workers => hiera('CONFIG_SERVICE_WORKERS'),
known_stores => ['file', 'http', 'swift']
}
class { '::glance::registry':
auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
bind_host => $bind_host,
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => hiera('CONFIG_GLANCE_KS_PW'),
database_connection => "mysql+pymysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance",
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
workers => hiera('CONFIG_SERVICE_WORKERS'),
}
}

7
packstack/puppet/modules/packstack/manifests/glance/backend/file.pp Normal file
View File

@ -0,0 +1,7 @@
class packstack::glance::backend::file ()
{
# TO-DO: Make this configurable
class { '::glance::backend::file':
filesystem_store_datadir => '/var/lib/glance/images/',
}
}

12
packstack/puppet/modules/packstack/manifests/glance/backend/swift.pp Normal file
View File

@ -0,0 +1,12 @@
class packstack::glance::backend::swift ()
{
class { '::glance::backend::swift':
swift_store_user => 'services:glance',
swift_store_key => hiera('CONFIG_GLANCE_KS_PW'),
swift_store_auth_address => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
swift_store_container => 'glance',
swift_store_auth_version => '2',
swift_store_large_object_size => '5120',
swift_store_create_container_on_put => true,
}
}

29
packstack/puppet/modules/packstack/manifests/glance/ceilometer.pp Normal file
View File

@ -0,0 +1,29 @@
class packstack::glance::ceilometer ()
{
$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
$kombu_ssl_keyfile = hiera('CONFIG_GLANCE_SSL_KEY', undef)
$kombu_ssl_certfile = hiera('CONFIG_GLANCE_SSL_CERT', undef)
if $kombu_ssl_keyfile {
$files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
file { $files_to_set_owner:
owner => 'glance',
group => 'glance',
require => Class['::glance::notify::rabbitmq'],
notify => Service['glance-api'],
}
}
class { '::glance::notify::rabbitmq':
rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
rabbit_notification_exchange => 'glance',
rabbit_notification_topic => 'notifications',
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
kombu_ssl_keyfile => $kombu_ssl_keyfile,
kombu_ssl_certfile => $kombu_ssl_certfile,
notification_driver => 'messagingv2',
}
}

50
packstack/puppet/modules/packstack/manifests/gnocchi.pp Normal file
View File

@ -0,0 +1,50 @@
class packstack::gnocchi ()
{
create_resources(packstack::firewall, hiera('FIREWALL_GNOCCHI_RULES', {}))
$gnocchi_cfg_db_pw = hiera('CONFIG_GNOCCHI_DB_PW')
$gnocchi_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
class { '::gnocchi::wsgi::apache':
workers => hiera('CONFIG_SERVICE_WORKERS'),
ssl => false
}
class { '::gnocchi':
database_connection => "mysql+pymysql://gnocchi:${gnocchi_cfg_db_pw}@${gnocchi_cfg_mariadb_host}/gnocchi?charset=utf8",
}
$bind_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '::0',
default => '0.0.0.0',
}
class { '::gnocchi::api':
host => $bind_host,
keystone_identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
keystone_password => hiera('CONFIG_GNOCCHI_KS_PW'),
keystone_auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
service_name => 'httpd',
}
# TO-DO: Remove this workaround as soon as module support is implemented (see rhbz#1300662)
gnocchi_config {
'keystone_authtoken/auth_version': value => hiera('CONFIG_KEYSTONE_API_VERSION');
}
class { '::gnocchi::db::sync': }
class { '::gnocchi::storage': }
class { '::gnocchi::storage::file': }
class {'::gnocchi::metricd': }
class {'::gnocchi::statsd':
resource_id => '5e3fcbe2-7aab-475d-b42c-a440aa42e5ad',
user_id => 'e0ca4711-1128-422c-abd6-62db246c32e7',
project_id => 'af0c88e8-90d8-4795-9efe-57f965e67318',
archive_policy_name => 'high',
flush_delay => '10',
}
include ::gnocchi::client
}

22
packstack/puppet/modules/packstack/manifests/heat.pp Normal file
View File

@ -0,0 +1,22 @@
class packstack::heat ()
{
create_resources(packstack::firewall, hiera('FIREWALL_HEAT_RULES', {}))
class { '::heat::api': }
$keystone_admin = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
$heat_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
class { '::heat::engine':
heat_metadata_server_url => "http://${heat_cfg_ctrl_host}:8000",
heat_waitcondition_server_url => "http://${heat_cfg_ctrl_host}:8000/v1/waitcondition",
heat_watch_server_url => "http://${heat_cfg_ctrl_host}:8003",
auth_encryption_key => hiera('CONFIG_HEAT_AUTH_ENC_KEY'),
}
class { '::heat::keystone::domain':
domain_name => hiera('CONFIG_HEAT_DOMAIN'),
domain_admin => hiera('CONFIG_HEAT_DOMAIN_ADMIN'),
domain_password => hiera('CONFIG_HEAT_DOMAIN_PASSWORD'),
}
}

17
packstack/puppet/modules/packstack/manifests/heat/cfn.pp Normal file
View File

@ -0,0 +1,17 @@
class packstack::heat::cfn ()
{
create_resources(packstack::firewall, hiera('FIREWALL_HEAT_CFN_RULES', {}))
class { '::heat::api_cfn':
workers => hiera('CONFIG_SERVICE_WORKERS'),
}
$heat_cfn_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
class { '::heat::keystone::auth_cfn':
admin_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1",
public_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1",
internal_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1",
password => hiera('CONFIG_HEAT_KS_PW'),
}
}

8
packstack/puppet/modules/packstack/manifests/heat/cloudwatch.pp Normal file
View File

@ -0,0 +1,8 @@
class packstack::heat::cloudwatch ()
{
create_resources(packstack::firewall, hiera('FIREWALL_HEAT_CLOUDWATCH_RULES', {}))
class { '::heat::api_cloudwatch':
workers => hiera('CONFIG_SERVICE_WORKERS'),
}
}

45
packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp Normal file
View File

@ -0,0 +1,45 @@
class packstack::heat::rabbitmq ()
{
$heat_rabbitmq_cfg_heat_db_pw = hiera('CONFIG_HEAT_DB_PW')
$heat_rabbitmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', $::os_service_default)
$kombu_ssl_keyfile = hiera('CONFIG_HEAT_SSL_KEY', $::os_service_default)
$kombu_ssl_certfile = hiera('CONFIG_HEAT_SSL_CERT', $::os_service_default)
if ! is_service_default($kombu_ssl_keyfile) {
$files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
file { $files_to_set_owner:
owner => 'heat',
group => 'heat',
require => Package['heat-common'],
}
File[$files_to_set_owner] ~> Service<| tag == 'heat-service' |>
}
if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
$heat_notification_driver = 'messagingv2'
} else {
$heat_notification_driver = $::os_service_default
}
class { '::heat':
keystone_password => hiera('CONFIG_HEAT_KS_PW'),
auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
keystone_ec2_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
rpc_backend => 'rabbit',
rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
database_connection => "mysql+pymysql://heat:${heat_rabbitmq_cfg_heat_db_pw}@${heat_rabbitmq_cfg_mariadb_host}/heat",
kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
kombu_ssl_keyfile => $kombu_ssl_keyfile,
kombu_ssl_certfile => $kombu_ssl_certfile,
notification_driver => $heat_notification_driver,
}
}

59
packstack/puppet/modules/packstack/manifests/horizon.pp Normal file
View File

@ -0,0 +1,59 @@
class packstack::horizon ()
{
$is_django_debug = hiera('CONFIG_DEBUG_MODE') ? {
true => 'True',
false => 'False',
}
$bind_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '::0',
default => '0.0.0.0',
# TO-DO(mmagr): Add IPv6 support when hostnames are used
}
$horizon_ssl = hiera('CONFIG_HORIZON_SSL') ? {
'y' => true,
'n' => false,
}
class {'::horizon':
secret_key => hiera('CONFIG_HORIZON_SECRET_KEY'),
keystone_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
keystone_default_role => '_member_',
server_aliases => [hiera('CONFIG_CONTROLLER_HOST'), $::fqdn, 'localhost'],
allowed_hosts => '*',
hypervisor_options => {'can_set_mount_point' => false, },
django_debug => $is_django_debug,
django_session_engine => 'django.contrib.sessions.backends.cache',
cache_backend => 'django.core.cache.backends.memcached.MemcachedCache',
cache_server_ip => '127.0.0.1',
cache_server_port => '11211',
file_upload_temp_dir => '/var/tmp',
listen_ssl => $horizon_ssl,
horizon_cert => hiera('CONFIG_HORIZON_SSL_CERT', undef),
horizon_key => hiera('CONFIG_HORIZON_SSL_KEY', undef),
horizon_ca => hiera('CONFIG_HORIZON_SSL_CACERT', undef),
neutron_options => {
'enable_lb' => hiera('CONFIG_HORIZON_NEUTRON_LB'),
'enable_firewall' => hiera('CONFIG_HORIZON_NEUTRON_FW'),
'enable_vpn' => hiera('CONFIG_HORIZON_NEUTRON_VPN'),
},
}
include '::packstack::memcached'
$firewall_port = hiera('CONFIG_HORIZON_PORT')
firewall { "001 horizon ${firewall_port} incoming":
proto => 'tcp',
dport => [$firewall_port],
action => 'accept',
}
if str2bool($::selinux) {
selboolean{ 'httpd_can_network_connect':
value => on,
persistent => true,
}
}
}

17
packstack/puppet/modules/packstack/manifests/ironic.pp Normal file
View File

@ -0,0 +1,17 @@
class packstack::ironic ()
{
create_resources(packstack::firewall, hiera('FIREWALL_IRONIC_API_RULES', {}))
ironic_config {
'glance/glance_host': value => hiera('CONFIG_STORAGE_HOST_URL');
}
class { '::ironic::api':
auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
admin_password => hiera('CONFIG_IRONIC_KS_PW'),
}
class { '::ironic::client': }
class { '::ironic::conductor': }
}

34
packstack/puppet/modules/packstack/manifests/ironic/rabbitmq.pp Normal file
View File

@ -0,0 +1,34 @@
class packstack::ironic::rabbitmq ()
{
$ironic_rabbitmq_cfg_ironic_db_pw = hiera('CONFIG_IRONIC_DB_PW')
$ironic_rabbitmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
$kombu_ssl_keyfile = hiera('CONFIG_IRONIC_SSL_KEY', undef)
$kombu_ssl_certfile = hiera('CONFIG_IRONIC_SSL_CERT', undef)
if $kombu_ssl_keyfile {
$files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
file { $files_to_set_owner:
owner => 'ironic',
group => 'ironic',
require => Package['ironic-common'],
}
File[$files_to_set_owner] ~> Service<| tag == 'ironic-service' |>
}
class { '::ironic':
rpc_backend => 'rabbit',
rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
database_connection => "mysql+pymysql://ironic:${ironic_rabbitmq_cfg_ironic_db_pw}@${ironic_rabbitmq_cfg_mariadb_host}/ironic",
debug => true,
verbose => true,
kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
kombu_ssl_keyfile => $kombu_ssl_keyfile,
kombu_ssl_certfile => $kombu_ssl_certfile,
}
}

135
packstack/puppet/modules/packstack/manifests/keystone.pp Normal file
View File

@ -0,0 +1,135 @@
class packstack::keystone ()
{
create_resources(packstack::firewall, hiera('FIREWALL_KEYSTONE_RULES', {}))
$keystone_use_ssl = false
$keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
$keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
$keystone_token_provider_str = downcase(hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'))
$keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','')
$keystone_admin_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
$bind_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '::0',
default => '0.0.0.0',
# TO-DO(mmagr): Add IPv6 support when hostnames are used
}
class { '::keystone::client': }
if hiera('CONFIG_KEYSTONE_DB_PURGE_ENABLE',false) {
class { '::keystone::cron::token_flush':
minute => '*/1',
require => Service['crond'],
destination => '/dev/null',
}
service { 'crond':
ensure => 'running',
enable => true,
}
}
class { '::keystone':
admin_token => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'),
database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
token_provider => "keystone.token.providers.${keystone_token_provider_str}.Provider",
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
service_name => 'httpd',
enable_ssl => $keystone_use_ssl,
public_bind_host => $bind_host,
admin_bind_host => $bind_host,
default_domain => 'Default',
}
class { '::keystone::wsgi::apache':
workers => hiera('CONFIG_SERVICE_WORKERS'),
ssl => $keystone_use_ssl
}
if hiera('CONFIG_HEAT_INSTALL') == 'y' {
$keystone_admin_roles = ['admin', '_member_', 'heat_stack_owner']
} else {
$keystone_admin_roles = ['admin']
}
# Ensure the default _member_ role is present
keystone_role { '_member_':
ensure => present,
} ->
class { '::keystone::roles::admin':
email => hiera('CONFIG_KEYSTONE_ADMIN_EMAIL'),
admin => hiera('CONFIG_KEYSTONE_ADMIN_USERNAME'),
password => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
admin_tenant => 'admin',
admin_roles => $keystone_admin_roles,
}
class { '::keystone::endpoint':
default_domain => 'Default',
public_url => $keystone_url,
internal_url => $keystone_url,
admin_url => $keystone_admin_url,
region => hiera('CONFIG_KEYSTONE_REGION'),
# so far enforce v2 as default endpoint
version => 'v2.0',
}
# default assignment driver is SQL
$assignment_driver = 'keystone.assignment.backends.sql.Assignment'
if hiera('CONFIG_KEYSTONE_IDENTITY_BACKEND') == 'ldap' {
if hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN', undef) {
$user_enabled_emulation = true
} else {
$user_enabled_emulation = false
}
class { '::keystone::ldap':
url => hiera_undef('CONFIG_KEYSTONE_LDAP_URL', undef),
user => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_DN', undef),
password => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_PASSWORD', undef),
suffix => hiera_undef('CONFIG_KEYSTONE_LDAP_SUFFIX', undef),
query_scope => hiera_undef('CONFIG_KEYSTONE_LDAP_QUERY_SCOPE', undef),
page_size => hiera_undef('CONFIG_KEYSTONE_LDAP_PAGE_SIZE', undef),
user_tree_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_SUBTREE', undef),
user_filter => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_FILTER', undef),
user_objectclass => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_OBJECTCLASS', undef),
user_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ID_ATTRIBUTE', undef),
user_name_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_NAME_ATTRIBUTE', undef),
user_mail_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE', undef),
user_enabled_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE', undef),
user_enabled_mask => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK', undef),
user_enabled_default => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_DEFAULT', undef),
user_enabled_invert => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT', undef),
user_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE', undef),
user_default_project_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE', undef),
user_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE', undef),
user_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE', undef),
user_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE', undef),
user_pass_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE', undef),
user_enabled_emulation => $user_enabled_emulation,
user_enabled_emulation_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN', undef),
user_additional_attribute_mapping => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING', undef),
group_tree_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_SUBTREE', undef),
group_filter => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_FILTER', undef),
group_objectclass => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_OBJECTCLASS', undef),
group_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE', undef),
group_name_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE', undef),
group_member_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE', undef),
group_desc_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE', undef),
group_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE', undef),
group_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE', undef),
group_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE', undef),
group_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE', undef),
group_additional_attribute_mapping => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING', undef),
use_tls => hiera_undef('CONFIG_KEYSTONE_LDAP_USE_TLS', undef),
tls_cacertdir => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR', undef),
tls_cacertfile => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_CACERTFILE', undef),
tls_req_cert => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_REQ_CERT', undef),
identity_driver => 'keystone.identity.backends.ldap.Identity',
assignment_driver => $assignment_driver,
}
}
}

12
packstack/puppet/modules/packstack/manifests/keystone/aodh.pp Normal file
View File

@ -0,0 +1,12 @@
class packstack::keystone::aodh ()
{
$keystone_host_url = hiera('CONFIG_KEYSTONE_HOST_URL')
class { '::aodh::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_AODH_KS_PW'),
public_url => "http://${keystone_host_url}:8042",
admin_url => "http://${keystone_host_url}:8042",
internal_url => "http://${keystone_host_url}:8042",
}
}

15
packstack/puppet/modules/packstack/manifests/keystone/ceilometer.pp Normal file
View File

@ -0,0 +1,15 @@
class packstack::keystone::ceilometer ()
{
$ceilometer_protocol = 'http'
$ceilometer_port = '8777'
$ceilometer_api_host = hiera('CONFIG_KEYSTONE_HOST_URL')
$ceilometer_url = "${ceilometer_protocol}://${ceilometer_api_host}:${ceilometer_port}"
class { '::ceilometer::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_CEILOMETER_KS_PW'),
public_url => $ceilometer_url,
admin_url => $ceilometer_url,
internal_url => $ceilometer_url,
}
}

21
packstack/puppet/modules/packstack/manifests/keystone/cinder.pp Normal file
View File

@ -0,0 +1,21 @@
class packstack::keystone::cinder ()
{
$cinder_protocol = 'http'
$cinder_host = hiera('CONFIG_STORAGE_HOST_URL')
$cinder_port = '8776'
$cinder_url = "${cinder_protocol}://${cinder_host}:$cinder_port"
class { '::cinder::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_CINDER_KS_PW'),
public_url => "${cinder_url}/v1/%(tenant_id)s",
internal_url => "${cinder_url}/v1/%(tenant_id)s",
admin_url => "${cinder_url}/v1/%(tenant_id)s",
public_url_v2 => "${cinder_url}/v2/%(tenant_id)s",
internal_url_v2 => "${cinder_url}/v2/%(tenant_id)s",
admin_url_v2 => "${cinder_url}/v2/%(tenant_id)s",
public_url_v3 => "${cinder_url}/v3/%(tenant_id)s",
internal_url_v3 => "${cinder_url}/v3/%(tenant_id)s",
admin_url_v3 => "${cinder_url}/v3/%(tenant_id)s",
}
}

15
packstack/puppet/modules/packstack/manifests/keystone/glance.pp Normal file
View File

@ -0,0 +1,15 @@
class packstack::keystone::glance ()
{
$glance_protocol = 'http'
$glance_port = '9292'
$glance_api_host = hiera('CONFIG_STORAGE_HOST_URL')
$glance_url = "${glance_protocol}://${glance_api_host}:${glance_port}"
class { '::glance::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_GLANCE_KS_PW'),
public_url => $glance_url,
admin_url => $glance_url,
internal_url => $glance_url,
}
}

12
packstack/puppet/modules/packstack/manifests/keystone/gnocchi.pp Normal file
View File

@ -0,0 +1,12 @@
class packstack::keystone::gnocchi ()
{
$gnocchi_keystone_host_url = hiera('CONFIG_KEYSTONE_HOST_URL')
class { '::gnocchi::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_GNOCCHI_KS_PW'),
public_url => "http://${gnocchi_keystone_host_url}:8041",
admin_url => "http://${gnocchi_keystone_host_url}:8041",
internal_url => "http://${gnocchi_keystone_host_url}:8041",
}
}

17
packstack/puppet/modules/packstack/manifests/keystone/heat.pp Normal file
View File

@ -0,0 +1,17 @@
class packstack::keystone::heat ()
{
$heat_protocol = 'http'
$heat_port = '8004'
$heat_api_host = hiera('CONFIG_KEYSTONE_HOST_URL')
$heat_url = "${heat_protocol}://${heat_api_host}:${heat_port}/v1/%(tenant_id)s"
# heat::keystone::auth
class { '::heat::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_HEAT_KS_PW'),
public_url => $heat_url,
admin_url => $heat_url,
internal_url => $heat_url,
configure_delegated_roles => true,
}
}

15
packstack/puppet/modules/packstack/manifests/keystone/ironic.pp Normal file
View File

@ -0,0 +1,15 @@
class packstack::keystone::ironic ()
{
$ironic_protocol = 'http'
$ironic_host = hiera('CONFIG_KEYSTONE_HOST_URL')
$ironic_port = '6385'
$ironic_url = "${ironic_protocol}://${ironic_host}:$ironic_port"
class { '::ironic::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_IRONIC_KS_PW'),
public_url => $ironic_url,
admin_url => $ironic_url,
internal_url => $ironic_url,
}
}

18
packstack/puppet/modules/packstack/manifests/keystone/manila.pp Normal file
View File

@ -0,0 +1,18 @@
class packstack::keystone::manila ()
{
$manila_protocol = 'http'
$manila_host = hiera('CONFIG_STORAGE_HOST_URL')
$manila_port = '8786'
$manila_url = "${manila_protocol}://${manila_host}:$manila_port/v1/%(tenant_id)s"
$manila_url_v2 = "${manila_protocol}://${manila_host}:$manila_port/v2/%(tenant_id)s"
class { '::manila::keystone::auth':
password => hiera('CONFIG_MANILA_KS_PW'),
public_url => $manila_url,
admin_url => $manila_url,
internal_url => $manila_url,
public_url_v2 => $manila_url_v2,
admin_url_v2 => $manila_url_v2,
internal_url_v2 => $manila_url_v2,
}
}

15
packstack/puppet/modules/packstack/manifests/keystone/neutron.pp Normal file
View File

@ -0,0 +1,15 @@
class packstack::keystone::neutron ()
{
$neutron_protocol = 'http'
$neutron_host = hiera('CONFIG_KEYSTONE_HOST_URL')
$neutron_port = '9696'
$neutron_url = "${neutron_protocol}://${neutron_host}:$neutron_port"
class { '::neutron::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_NEUTRON_KS_PW'),
public_url => $neutron_url,
admin_url => $neutron_url,
internal_url => $neutron_url,
}
}

19
packstack/puppet/modules/packstack/manifests/keystone/nova.pp Normal file
View File

@ -0,0 +1,19 @@
class packstack::keystone::nova ()
{
$nova_protocol = 'http'
$nova_host = hiera('CONFIG_KEYSTONE_HOST_URL')
$nova_port = '8774'
$nova_url = "${nova_protocol}://${nova_host}:$nova_port/v2/%(tenant_id)s"
$nova_v3_url = "${nova_protocol}://${nova_host}:$nova_port/v3"
class { '::nova::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_NOVA_KS_PW'),
public_url => $nova_url,
admin_url => $nova_url,
internal_url => $nova_url,
public_url_v3 => $nova_v3_url,
admin_url_v3 => $nova_v3_url,
internal_url_v3 => $nova_v3_url,
}
}

14
packstack/puppet/modules/packstack/manifests/keystone/sahara.pp Normal file
View File

@ -0,0 +1,14 @@
class packstack::keystone::sahara ()
{
$sahara_protocol = 'http'
$sahara_host = hiera('CONFIG_KEYSTONE_HOST_URL')
$sahara_port = '8386'
$sahara_url = "${sahara_protocol}://${sahara_host}:$sahara_port/v1.1/%(tenant_id)s"
class { '::sahara::keystone::auth':
password => hiera('CONFIG_SAHARA_KS_PW'),
public_url => $sahara_url,
admin_url => $sahara_url,
internal_url => $sahara_url,
}
}

17
packstack/puppet/modules/packstack/manifests/keystone/swift.pp Normal file
View File

@ -0,0 +1,17 @@
class packstack::keystone::swift ()
{
$swift_protocol = 'http'
$swift_host = hiera('CONFIG_STORAGE_HOST_URL')
$swift_port = '8080'
$swift_url = "${swift_protocol}://${swift_host}:$swift_port/v1/AUTH_%(tenant_id)s"
class { '::swift::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_SWIFT_KS_PW'),
operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'],
public_url => $swift_url,
internal_url => $swift_url,
admin_url => $swift_url,
configure_s3_endpoint => false,
}
}

15
packstack/puppet/modules/packstack/manifests/keystone/trove.pp Normal file
View File

@ -0,0 +1,15 @@
class packstack::keystone::trove ()
{
$trove_protocol = 'http'
$trove_host = hiera('CONFIG_KEYSTONE_HOST_URL')
$trove_port = '8779'
$trove_url = "${trove_protocol}://${trove_host}:$trove_port/v1.0/%(tenant_id)s"
class { '::trove::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_TROVE_KS_PW'),
public_url => $trove_url,
admin_url => $trove_url,
internal_url => $trove_url,
}
}

32
packstack/puppet/modules/packstack/manifests/manila.pp Normal file
View File

@ -0,0 +1,32 @@
class packstack::manila ()
{
create_resources(packstack::firewall, hiera('FIREWALL_MANILA_API_RULES', {}))
manila_config {
'DEFAULT/glance_host': value => hiera('CONFIG_STORAGE_HOST_URL');
}
$bind_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '::0',
default => '0.0.0.0',
# TO-DO(mmagr): Add IPv6 support when hostnames are used
}
class { '::manila::api':
bind_host => $bind_host,
keystone_password => hiera('CONFIG_MANILA_KS_PW'),
keystone_tenant => 'services',
keystone_user => 'manila',
keystone_auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
}
class { '::manila::scheduler':
}
class { '::manila::share':
}
class { '::manila::backends':
enabled_share_backends => hiera('CONFIG_MANILA_BACKEND'),
}
}

50
packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp Normal file
View File

@ -0,0 +1,50 @@
class packstack::manila::backend::generic ()
{
ensure_packages(['nfs-utils'], {'ensure' => 'present'})
manila::backend::generic{ 'generic':
driver_handles_share_servers => hiera('CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS'),
volume_name_template => hiera('CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE'),
share_mount_path => hiera('CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH'),
}
packstack::manila::network{ 'generic': }
if ($::manila_network_type == 'neutron'){
$service_instance_network_helper_type = 'neutron'
}
elsif ($::manila_network_type == 'nova-network'){
$service_instance_network_helper_type = 'nova'
}
$admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
$admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW')
$admin_tenant = 'admin'
$keystone_url = hiera('CONFIG_KEYSTONE_PUBLIC_URL')
nova_flavor { 'm1.manila':
ensure => present,
id => '66',
ram => '512',
disk => '0',
vcpus => '1',
require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ],
} ->
manila::service_instance{ 'generic':
service_image_location => hiera('CONFIG_MANILA_SERVICE_IMAGE_LOCATION'),
service_instance_user => hiera('CONFIG_MANILA_SERVICE_INSTANCE_USER'),
service_instance_password => hiera('CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD'),
service_instance_network_helper_type => $service_instance_network_helper_type,
service_instance_flavor_id => 66,
}
class { '::manila::compute::nova':
nova_admin_password => hiera('CONFIG_NOVA_KS_PW'),
nova_admin_tenant_name => 'services',
}
class { '::manila::volume::cinder':
cinder_admin_password => hiera('CONFIG_CINDER_KS_PW'),
cinder_admin_tenant_name => 'services',
}
}

10
packstack/puppet/modules/packstack/manifests/manila/backend/glusternative.pp Normal file
View File

@ -0,0 +1,10 @@
class packstack::manila::backend::glusternative ()
{
manila::backend::glusternative{ 'glusternative':
glusterfs_servers => hiera('CONFIG_MANILA_GLUSTERFS_SERVERS'),
glusterfs_native_path_to_private_key => hiera('CONFIG_MANILA_GLUSTERFS_NATIVE_PATH_TO_PRIVATE_KEY'),
glusterfs_volume_pattern => hiera('CONFIG_MANILA_GLUSTERFS_VOLUME_PATTERN'),
}
packstack::manila::network{ 'glusternative': }
}

14
packstack/puppet/modules/packstack/manifests/manila/backend/glusternfs.pp Normal file
View File

@ -0,0 +1,14 @@
class packstack::manila::backend::glusternfs ()
{
manila::backend::glusternfs{ 'glusternfs':
glusterfs_target => hiera('CONFIG_MANILA_GLUSTERFS_TARGET'),
glusterfs_mount_point_base => hiera('CONFIG_MANILA_GLUSTERFS_MOUNT_POINT_BASE'),
glusterfs_nfs_server_type => hiera('CONFIG_MANILA_GLUSTERFS_NFS_SERVER_TYPE'),
glusterfs_path_to_private_key => hiera('CONFIG_MANILA_GLUSTERFS_PATH_TO_PRIVATE_KEY'),
glusterfs_ganesha_server_ip => hiera('CONFIG_MANILA_GLUSTERFS_GANESHA_SERVER_IP'),
}
packstack::manila::network{ 'glusternfs': }
include '::manila::ganesha'
}

18
packstack/puppet/modules/packstack/manifests/manila/backend/netapp.pp Normal file
View File

@ -0,0 +1,18 @@
class packstack::manila::backend::netapp ()
{
manila::backend::netapp{ 'netapp':
driver_handles_share_servers => hiera('CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS'),
netapp_transport_type => hiera('CONFIG_MANILA_NETAPP_TRANSPORT_TYPE'),
netapp_login => hiera('CONFIG_MANILA_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_MANILA_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_MANILA_NETAPP_SERVER_HOSTNAME'),
netapp_storage_family => hiera('CONFIG_MANILA_NETAPP_STORAGE_FAMILY'),
netapp_server_port => hiera('CONFIG_MANILA_NETAPP_SERVER_PORT'),
netapp_vserver => hiera('CONFIG_MANILA_NETAPP_VSERVER', undef),
netapp_aggregate_name_search_pattern => hiera('CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN'),
netapp_root_volume_aggregate => hiera('CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE', undef),
netapp_root_volume_name => hiera('CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME', undef),
}
packstack::manila::network{ 'netapp': }
}

11
packstack/puppet/templates/manila_network.pp → packstack/puppet/modules/packstack/manifests/manila/network.pp
View File

@ -1,17 +1,17 @@
$manila_network_type = hiera('CONFIG_MANILA_NETWORK_TYPE')
define packstack::manila::network ($backend_name = $name) {
$manila_network_type = hiera('CONFIG_MANILA_NETWORK_TYPE')
if ($::manila_network_type == 'neutron'){
if ($manila_network_type == 'neutron'){
class { '::manila::network::neutron':
neutron_admin_password => hiera('CONFIG_NEUTRON_KS_PW'),
neutron_admin_tenant_name => 'services',
}
}
elsif ($::manila_network_type == 'nova-network'){
elsif ($manila_network_type == 'nova-network'){
manila::network::nova_network{ $backend_name: }
}
elsif ($::manila_network_type == 'standalone'){
elsif ($manila_network_type == 'standalone'){
manila::network::standalone{ $backend_name:
standalone_network_plugin_gateway => hiera('CONFIG_MANILA_NETWORK_STANDALONE_GATEWAY'),
standalone_network_plugin_mask => hiera('CONFIG_MANILA_NETWORK_STANDALONE_NETMASK'),
@ -21,6 +21,7 @@ define packstack::manila::network ($backend_name = $name) {
}
}
else {
fail("The value ${::manila_network_type} is not a valid value for the Manila network type.")
fail("The value ${manila_network_type} is not a valid value for the Manila network type.")
}
}

31
packstack/puppet/modules/packstack/manifests/manila/rabbitmq.pp Normal file
View File

@ -0,0 +1,31 @@
class packstack::manila::rabbitmq ()
{
$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
$kombu_ssl_keyfile = hiera('CONFIG_MANILA_SSL_KEY', undef)
$kombu_ssl_certfile = hiera('CONFIG_MANILA_SSL_CERT', undef)
if $kombu_ssl_keyfile {
$files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
file { $files_to_set_owner:
owner => 'manila',
group => 'manila',
# manila user on RH/Fedora is provided by python-manila
require => Package['manila'],
}
File[$files_to_set_owner] ~> Service<| tag == 'manila-service' |>
}
$db_pw = hiera('CONFIG_MANILA_DB_PW')
$mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
class { '::manila':
rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
sql_connection => "mysql+pymysql://manila:${db_pw}@${mariadb_host}/manila",
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
}
}

69
packstack/puppet/modules/packstack/manifests/mariadb.pp Normal file
View File

@ -0,0 +1,69 @@
class packstack::mariadb ()
{
if hiera('CONFIG_MARIADB_INSTALL') == 'y' {
create_resources(packstack::firewall, hiera('FIREWALL_MARIADB_RULES', {}))
$max_connections = hiera('CONFIG_SERVICE_WORKERS') * 128
if ($::mariadb_provides_galera == 'true') {
# Since mariadb 10.1 galera is included in main mariadb
$mariadb_package_name = 'mariadb-server-galera'
$mariadb_present = 'present'
} else {
# Package mariadb-server conflicts with mariadb-galera-server
$mariadb_package_name = 'mariadb-galera-server'
$mariadb_present = 'absent'
}
ensure_packages(['mariadb-server'], {'ensure' => $mariadb_present})
$bind_address = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '::0',
default => '0.0.0.0',
# TO-DO(mmagr): Add IPv6 support when hostnames are used
}
$mysql_root_password = hiera('CONFIG_MARIADB_PW')
class { '::mysql::server':
package_name => $mariadb_package_name,
restart => true,
root_password => $mysql_root_password,
require => Package['mariadb-server'],
override_options => {
'mysqld' => {
'bind_address' => $bind_address,
'default_storage_engine' => 'InnoDB',
'max_connections' => $max_connections,
'open_files_limit' => '-1',
# galera options
'wsrep_provider' => 'none',
'wsrep_cluster_name' => 'galera_cluster',
'wsrep_sst_method' => 'rsync',
'wsrep_sst_auth' => "root:${mysql_root_password}",
},
},
}
# deleting database users for security
# this is done in mysql::server::account_security but has problems
# when there is no fqdn, so we're defining a slightly different one here
mysql_user { [ 'root@127.0.0.1', 'root@::1', '@localhost', '@%' ]:
ensure => 'absent',
require => Class['mysql::server'],
}
if ($::fqdn != '' and $::fqdn != 'localhost') {
mysql_user { [ "root@${::fqdn}", "@${::fqdn}"]:
ensure => 'absent',
require => Class['mysql::server'],
}
}
if ($::fqdn != $::hostname and $::hostname != 'localhost') {
mysql_user { ["root@${::hostname}", "@${::hostname}"]:
ensure => 'absent',
require => Class['mysql::server'],
}
}
} else {
class { '::remote::db': }
}
}

106
packstack/puppet/modules/packstack/manifests/mariadb/services.pp Normal file
View File

@ -0,0 +1,106 @@
class packstack::mariadb::services ()
{
class { '::keystone::db::mysql':
user => 'keystone_admin',
password => hiera('CONFIG_KEYSTONE_DB_PW'),
allowed_hosts => '%',
charset => 'utf8',
}
if hiera('CONFIG_CINDER_INSTALL') == 'y' {
class { '::cinder::db::mysql':
password => hiera('CONFIG_CINDER_DB_PW'),
host => '%',
allowed_hosts => '%',
charset => 'utf8',
}
}
if hiera('CONFIG_GLANCE_INSTALL') == 'y' {
class { '::glance::db::mysql':
password => hiera('CONFIG_GLANCE_DB_PW'),
host => '%',
allowed_hosts => '%',
charset => 'utf8',
}
}
if hiera('CONFIG_GNOCCHI_INSTALL') == 'y' and
hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
class { '::gnocchi::db::mysql':
password => hiera('CONFIG_GNOCCHI_DB_PW'),
host => '%',
allowed_hosts => '%',
}
}
if hiera('CONFIG_HEAT_INSTALL') == 'y' {
class { '::heat::db::mysql':
password => hiera('CONFIG_HEAT_DB_PW'),
host => '%',
allowed_hosts => '%',
charset => 'utf8',
}
}
if hiera('CONFIG_IRONIC_INSTALL') == 'y' {
class { '::ironic::db::mysql':
password => hiera('CONFIG_IRONIC_DB_PW'),
host => '%',
allowed_hosts => '%',
charset => 'utf8',
}
}
if hiera('CONFIG_MANILA_INSTALL') == 'y' {
class { '::manila::db::mysql':
password => hiera('CONFIG_MANILA_DB_PW'),
allowed_hosts => '%',
charset => 'utf8',
}
}
if hiera('CONFIG_NEUTRON_INSTALL') == 'y' {
class { '::neutron::db::mysql':
password => hiera('CONFIG_NEUTRON_DB_PW'),
host => '%',
allowed_hosts => '%',
dbname => hiera('CONFIG_NEUTRON_L2_DBNAME'),
charset => 'utf8',
}
}
if hiera('CONFIG_NOVA_INSTALL') == 'y' {
class { '::nova::db::mysql':
password => hiera('CONFIG_NOVA_DB_PW'),
host => '%',
allowed_hosts => '%',
charset => 'utf8',
}
class { '::nova::db::mysql_api':
password => hiera('CONFIG_NOVA_DB_PW'),
host => '%',
allowed_hosts => '%',
charset => 'utf8',
}
}
if hiera('CONFIG_SAHARA_INSTALL') == 'y' {
class { '::sahara::db::mysql':
password => hiera('CONFIG_SAHARA_DB_PW'),
host => '%',
allowed_hosts => '%',
}
}
if hiera('CONFIG_TROVE_INSTALL') == 'y' {
class { '::trove::db::mysql':
password => hiera('CONFIG_TROVE_DB_PW'),
host => '%',
allowed_hosts => '%',
charset => 'utf8',
}
}
}

342
packstack/puppet/modules/packstack/manifests/mariadb/services_remote.pp Normal file
View File

@ -0,0 +1,342 @@
class packstack::mariadb::services_remote () {
remote_database { 'keystone':
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_keystone_noinstall_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
remote_database_user { 'keystone_admin@%':
password_hash => mysql_password($mariadb_keystone_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['keystone'],
}
remote_database_grant { 'keystone_admin@%/keystone':
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['keystone_admin@%'],
}
if hiera('CONFIG_CINDER_INSTALL') == 'y' {
remote_database { 'cinder':
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_cinder_noinstall_db_pw = hiera('CONFIG_CINDER_DB_PW')
remote_database_user { 'cinder@%':
password_hash => mysql_password($mariadb_cinder_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['cinder'],
}
remote_database_grant { 'cinder@%/cinder':
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['cinder@%'],
}
}
if hiera('CONFIG_GLANCE_INSTALL') == 'y' {
remote_database { 'glance':
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_glance_noinstall_db_pw = hiera('CONFIG_GLANCE_DB_PW')
remote_database_user { 'glance@%':
password_hash => mysql_password($mariadb_glance_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['glance'],
}
remote_database_grant { 'glance@%/glance':
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['glance@%'],
}
}
if hiera('CONFIG_GNOCCHI_INSTALL') == 'y' and
remote_database { 'gnocchi':
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$gnocchi_cfg_db_pw = hiera('CONFIG_GNOCCHI_DB_PW')
remote_database_user { 'gnocchi@%':
password_hash => mysql_password($gnocchi_cfg_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['gnocchi'],
}
remote_database_grant { 'gnocchi@%/gnocchi':
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['gnocchi@%'],
}
}
if hiera('CONFIG_HEAT_INSTALL') == 'y' {
remote_database { 'heat':
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_heat_noinstall_db_pw = hiera('CONFIG_HEAT_DB_PW')
remote_database_user { 'heat@%':
password_hash => mysql_password($mariadb_heat_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['heat'],
}
remote_database_grant { 'heat@%/heat':
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['heat@%'],
}
}
if hiera('CONFIG_IRONIC_INSTALL') == 'y' {
remote_database { 'ironic':
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_ironic_noinstall_db_pw = hiera('CONFIG_IRONIC_DB_PW')
remote_database_user { 'ironic@%':
password_hash => mysql_password($mariadb_ironic_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['ironic'],
}
remote_database_grant { 'ironic@%/ironic':
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['ironic@%'],
}
}
if hiera('CONFIG_MANILA_INSTALL') == 'y' {
remote_database { 'manila':
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_manila_noinstall_db_pw = hiera('CONFIG_MANILA_DB_PW')
remote_database_user { 'manila@%':
password_hash => mysql_password($mariadb_manila_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['manila'],
}
remote_database_grant { 'manila@%/manila':
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['manila@%'],
}
}
if hiera('CONFIG_NEUTRON_INSTALL') == 'y' {
$mariadb_neutron_noinstall_db_pw = hiera('CONFIG_NEUTRON_DB_PW')
$mariadb_neutron_noinstall_l2_dbname = hiera('CONFIG_NEUTRON_L2_DBNAME')
remote_database { $mariadb_neutron_noinstall_l2_dbname:
ensure => present,
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
remote_database_user { 'neutron@%':
password_hash => mysql_password($mariadb_neutron_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database[$mariadb_neutron_noinstall_l2_dbname],
}
remote_database_grant { "neutron@%/${mariadb_neutron_noinstall_l2_dbname}":
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['neutron@%'],
}
}
if hiera('CONFIG_NOVA_INSTALL') == 'y' {
remote_database { 'nova':
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_nova_noinstall_db_pw = hiera('CONFIG_NOVA_DB_PW')
remote_database_user { 'nova@%':
password_hash => mysql_password($mariadb_nova_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['nova'],
}
remote_database_grant { 'nova@%/nova':
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['nova@%'],
}
}
if hiera('CONFIG_SAHARA_INSTALL') == 'y' {
remote_database { 'sahara':
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$sahara_cfg_sahara_db_pw = hiera('CONFIG_SAHARA_DB_PW')
remote_database_user { 'sahara@%':
password_hash => mysql_password($sahara_cfg_sahara_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['sahara'],
}
remote_database_grant { 'sahara@%/sahara':
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['sahara@%'],
}
}
if hiera('CONFIG_TROVE_INSTALL') == 'y' {
remote_database { 'trove':
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$trove_cfg_trove_db_pw = hiera('CONFIG_TROVE_DB_PW')
remote_database_user { 'trove@%':
password_hash => mysql_password($trove_cfg_trove_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['trove'],
}
remote_database_grant { 'trove@%/trove':
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['trove@%'],
}
}
}

15
packstack/puppet/modules/packstack/manifests/memcached.pp Normal file
View File

@ -0,0 +1,15 @@
class packstack::memcached ()
{
# hack for memcached, for now we bind to localhost on ipv6
# https://bugzilla.redhat.com/show_bug.cgi?id=1210658
$memcached_bind_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => 'localhost6',
default => '0.0.0.0',
# TO-DO(mmagr): Add IPv6 support when hostnames are used
}
class { '::memcached':
listen_ip => $memcached_bind_host,
max_memory => '10%',
}
}

26
packstack/puppet/modules/packstack/manifests/mongodb.pp Normal file
View File

@ -0,0 +1,26 @@
class packstack::mongodb ()
{
create_resources(packstack::firewall, hiera('FIREWALL_MONGODB_RULES', {}))
$mongodb_host = hiera('CONFIG_MONGODB_HOST')
# The MongoDB config files differ between versions
if (($::operatingsystem == 'fedora' and versioncmp($::operatingsystemrelease, '22') >= 0)
or
($::operatingsystem != 'fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
){
$config_file = '/etc/mongod.conf'
} else {
$config_file = '/etc/mongodb.conf'
}
class { '::mongodb::server':
ipv6 => hiera('CONFIG_IP_VERSION') ? {
'ipv6' => true,
default => false,
# TO-DO(mmagr): Add IPv6 support when hostnames are used
},
smallfiles => true,
bind_ip => force_ip($mongodb_host),
config => $config_file,
}
}

40
packstack/puppet/modules/packstack/manifests/nagios/nrpe.pp Normal file
View File

@ -0,0 +1,40 @@
class packstack::nagios::nrpe ()
{
create_resources(packstack::firewall, hiera('FIREWALL_NAGIOS_NRPE_RULES', {}))
$nagios_configs_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
package{ 'nrpe':
ensure => present,
} ->
file{ '/etc/nagios/nrpe.cfg':
ensure => file,
mode => '0644',
owner => 'nagios',
group => 'nagios',
require => Package['nrpe'],
} ->
file_line{'allowed_hosts':
path => '/etc/nagios/nrpe.cfg',
match => 'allowed_hosts=',
line => "allowed_hosts=${nagios_configs_cfg_ctrl_host}",
} ->
# 5 minute load average
file_line{'load5':
path => '/etc/nagios/nrpe.cfg',
match => 'command\[load5\]=',
line => 'command[load5]=cut /proc/loadavg -f 1 -d " "',
} ->
# disk used on /var
file_line{'df_var':
path => '/etc/nagios/nrpe.cfg',
match => "command\[df_var\]=",
line => "command[df_var]=df /var/ | sed -re 's/.* ([0-9]+)%.*/\\1/' | grep -E '^[0-9]'",
} ->
service{'nrpe':
ensure => running,
enable => true,
hasstatus => true,
}
}

80
packstack/puppet/modules/packstack/manifests/nagios/server.pp Normal file
View File

@ -0,0 +1,80 @@
class packstack::nagios::server ()
{
$nagios_cfg_ks_adm_pw = hiera('CONFIG_KEYSTONE_ADMIN_PW')
$nagios_cfg_keystone_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
$keystone_admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
package { ['nagios', 'nagios-plugins-nrpe']:
ensure => present,
} ->
class { 'packstack::nagios_config_wrapper':
nagios_hosts => hiera('CONFIG_NAGIOS_NODES'),
nagios_openstack_services => hiera('CONFIG_NAGIOS_SERVICES'),
controller_host => hiera('CONFIG_CONTROLLER_HOST'),
require => Package['nagios'],
notify => [Service['nagios'], Service['httpd']],
} ->
# We need to preferably install nagios-plugins-ping
exec { 'nagios-plugins-ping':
path => '/usr/bin',
command => 'yum install -y -d 0 -e 0 monitoring-plugins-ping',
onlyif => 'yum install -y -d 0 -e 0 nagios-plugins-ping &> /dev/null && exit 1 || exit 0',
} ->
file { ['/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_host.cfg', '/etc/nagios/nagios_service.cfg']:
ensure => file,
mode => '0644',
owner => 'nagios',
group => 'nagios',
} ->
# Remove the entry for localhost, it contains services we're not
# monitoring
file { ['/etc/nagios/objects/localhost.cfg']:
ensure => file,
content => '',
} ->
file_line { 'nagios_host':
path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_host.cfg',
} ->
file_line { 'nagios_command':
path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_command.cfg',
} ->
file_line { 'nagios_service':
path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_service.cfg',
} ->
file { '/etc/nagios/keystonerc_admin':
ensure => file,
owner => 'nagios',
mode => '0600',
content => "export OS_USERNAME=${keystone_admin_username}
export OS_TENANT_NAME=admin
export OS_PASSWORD=${nagios_cfg_ks_adm_pw}
export OS_AUTH_URL=${nagios_cfg_keystone_url}",
}
$cfg_nagios_pw = hiera('CONFIG_NAGIOS_PW')
exec { 'nagiospasswd':
command => "/usr/bin/htpasswd -b /etc/nagios/passwd nagiosadmin ${cfg_nagios_pw}",
require => Package['nagios'],
before => Service['nagios'],
}
class { '::apache::mod::php': }
service { ['nagios']:
ensure => running,
enable => true,
hasstatus => true,
}
firewall { '001 nagios incoming':
proto => 'tcp',
dport => ['80'],
action => 'accept',
}
}

9
packstack/puppet/modules/packstack/manifests/neutron.pp Normal file
View File

@ -0,0 +1,9 @@
class packstack::neutron ()
{
$neutron_db_host = hiera('CONFIG_MARIADB_HOST_URL')
$neutron_db_name = hiera('CONFIG_NEUTRON_L2_DBNAME')
$neutron_db_user = 'neutron'
$neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW')
$neutron_sql_connection = "mysql+pymysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}"
$neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW')
}

53
packstack/puppet/modules/packstack/manifests/neutron/api.pp Normal file
View File

@ -0,0 +1,53 @@
class packstack::neutron::api ()
{
create_resources(packstack::firewall, hiera('FIREWALL_NEUTRON_SERVER_RULES', {}))
$neutron_db_host = hiera('CONFIG_MARIADB_HOST_URL')
$neutron_db_name = hiera('CONFIG_NEUTRON_L2_DBNAME')
$neutron_db_user = 'neutron'
$neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW')
$neutron_sql_connection = "mysql+pymysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}"
$neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW')
class { '::neutron::server':
database_connection => $neutron_sql_connection,
auth_password => $neutron_user_password,
auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
sync_db => true,
enabled => true,
api_workers => hiera('CONFIG_SERVICE_WORKERS'),
rpc_workers => hiera('CONFIG_SERVICE_WORKERS'),
service_providers => hiera_array('SERVICE_PROVIDERS'),
}
# TODO: FIXME: remove this hack after upstream resolves https://bugs.launchpad.net/puppet-neutron/+bug/1474961
if hiera('CONFIG_NEUTRON_VPNAAS') == 'y' {
ensure_resource( 'package', 'neutron-vpnaas-agent', {
name => 'openstack-neutron-vpnaas',
tag => ['openstack', 'neutron-package'],
})
Package['neutron-vpnaas-agent'] ~> Service<| tag == 'neutron-service' |>
}
if hiera('CONFIG_NEUTRON_FWAAS') == 'y' {
ensure_resource( 'package', 'neutron-fwaas', {
'name' => 'openstack-neutron-fwaas',
'tag' => 'openstack'
})
Package['neutron-fwaas'] ~> Service<| tag == 'neutron-service' |>
}
if hiera('CONFIG_LBAAS_INSTALL') == 'y' {
ensure_resource( 'package', 'neutron-lbaas-agent', {
name => 'openstack-neutron-lbaas',
tag => ['openstack', 'neutron-package'],
})
Package['neutron-lbaas-agent'] ~> Service<| tag == 'neutron-service' |>
}
file { '/etc/neutron/api-paste.ini':
ensure => file,
mode => '0640',
}
Class['::neutron::server'] -> File['/etc/neutron/api-paste.ini']
}

10
packstack/puppet/modules/packstack/manifests/neutron/dhcp.pp Normal file
View File

@ -0,0 +1,10 @@
class packstack::neutron::dhcp ()
{
create_resources(packstack::firewall, hiera('FIREWALL_NEUTRON_DHCPIN_RULES', {}))
create_resources(packstack::firewall, hiera('FIREWALL_NEUTRON_DHCPOUT_RULES', {}))
class { '::neutron::agents::dhcp':
interface_driver => hiera('CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'),
debug => hiera('CONFIG_DEBUG_MODE'),
}
}

7
packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp Normal file
View File

@ -0,0 +1,7 @@
class packstack::neutron::fwaas ()
{
class { '::neutron::services::fwaas':
enabled => true,
driver => 'neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver',
}
}

23
packstack/puppet/modules/packstack/manifests/neutron/l3.pp Normal file
View File

@ -0,0 +1,23 @@
class packstack::neutron::l3 ()
{
$start_l3_agent = hiera('CONFIG_NEUTRON_VPNAAS') ? {
'y' => false,
default => true
}
class { '::neutron::agents::l3':
interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'),
external_network_bridge => hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE'),
manage_service => $start_l3_agent,
enabled => $start_l3_agent,
debug => hiera('CONFIG_DEBUG_MODE'),
}
if defined(Class['neutron::services::fwaas']) {
Class['neutron::services::fwaas'] -> Class['neutron::agents::l3']
}
sysctl::value { 'net.ipv4.ip_forward':
value => '1',
}
}

14
packstack/puppet/modules/packstack/manifests/neutron/lb_agent.pp Normal file
View File

@ -0,0 +1,14 @@
class packstack::neutron::lb_agent ()
{
$neutron_lb_interface_mappings = hiera_array('CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS')
$use_subnets_value = hiera('CONFIG_USE_SUBNETS')
$use_subnets = $use_subnets_value ? {
'y' => true,
default => false,
}
class { '::neutron::agents::ml2::linuxbridge':
physical_interface_mappings => force_interface($neutron_lb_interface_mappings, $use_subnets),
}
}

13
packstack/puppet/modules/packstack/manifests/neutron/lbaas.pp Normal file
View File

@ -0,0 +1,13 @@
class packstack::neutron::lbaas ()
{
class { '::neutron::agents::lbaas':
interface_driver => hiera('CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'),
device_driver => 'neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver',
user_group => 'haproxy',
debug => hiera('CONFIG_DEBUG_MODE'),
}
class {'::neutron::services::lbaas':
service_providers => 'LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default',
}
}

9
packstack/puppet/modules/packstack/manifests/neutron/metadata.pp Normal file
View File

@ -0,0 +1,9 @@
class packstack::neutron::metadata ()
{
class { '::neutron::agents::metadata':
shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW'),
metadata_ip => force_ip(hiera('CONFIG_KEYSTONE_HOST_URL')),
debug => hiera('CONFIG_DEBUG_MODE'),
metadata_workers => hiera('CONFIG_SERVICE_WORKERS'),
}
}

7
packstack/puppet/modules/packstack/manifests/neutron/metering.pp Normal file
View File

@ -0,0 +1,7 @@
class packstack::neutron::metering ()
{
class { '::neutron::agents::metering':
interface_driver => hiera('CONFIG_NEUTRON_METERING_IFCE_DRIVER'),
debug => hiera('CONFIG_DEBUG_MODE'),
}
}

31
packstack/puppet/modules/packstack/manifests/neutron/ml2.pp Normal file
View File

@ -0,0 +1,31 @@
class packstack::neutron::ml2 ()
{
if hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP') == '' {
$vxlan_group_value = undef
} else {
$vxlan_group_value = hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP')
}
class { '::neutron::plugins::ml2':
type_drivers => hiera_array('CONFIG_NEUTRON_ML2_TYPE_DRIVERS'),
tenant_network_types => hiera_array('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'),
mechanism_drivers => hiera_array('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS'),
flat_networks => hiera_array('CONFIG_NEUTRON_ML2_FLAT_NETWORKS'),
network_vlan_ranges => hiera_array('CONFIG_NEUTRON_ML2_VLAN_RANGES'),
tunnel_id_ranges => hiera_array('CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES'),
vxlan_group => $vxlan_group_value,
vni_ranges => hiera_array('CONFIG_NEUTRON_ML2_VNI_RANGES'),
enable_security_group => true,
firewall_driver => hiera('FIREWALL_DRIVER'),
supported_pci_vendor_devs => hiera_array('CONFIG_NEUTRON_ML2_SUPPORTED_PCI_VENDOR_DEVS'),
sriov_agent_required => hiera('CONFIG_NEUTRON_ML2_SRIOV_AGENT_REQUIRED'),
}
# For cases where "neutron-db-manage upgrade" command is called
# we need to fill config file first
if defined(Exec['neutron-db-manage upgrade']) {
Neutron_plugin_ml2<||> ->
File['/etc/neutron/plugin.ini'] ->
Exec['neutron-db-manage upgrade']
}
}

14
packstack/puppet/modules/packstack/manifests/neutron/notifications.pp Normal file
View File

@ -0,0 +1,14 @@
class packstack::neutron::notifications ()
{
$neutron_notif_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
# Configure nova notifications system
class { '::neutron::server::notifications':
username => 'nova',
password => hiera('CONFIG_NOVA_KS_PW'),
tenant_name => 'services',
nova_url => "http://${neutron_notif_cfg_ctrl_host}:8774/v2",
auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
region_name => hiera('CONFIG_KEYSTONE_REGION'),
}
}

55
packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp Normal file
View File

@ -0,0 +1,55 @@
class packstack::neutron::ovs_agent ()
{
$my_ip = choose_my_ip(hiera('HOST_LIST'))
$neutron_tunnel_rule_name = "FIREWALL_NEUTRON_TUNNEL_RULES_${my_ip}"
create_resources(packstack::firewall, hiera($neutron_tunnel_rule_name, {}))
$neutron_ovs_tunnel_if = hiera('CONFIG_NEUTRON_OVS_TUNNEL_IF', undef)
$use_subnets_value = hiera('CONFIG_USE_SUBNETS')
$use_subnets = $use_subnets_value ? {
'y' => true,
default => false,
}
if $neutron_ovs_tunnel_if {
$ovs_agent_vxlan_cfg_neut_ovs_tun_if = force_interface($neutron_ovs_tunnel_if, $use_subnets)
} else {
$ovs_agent_vxlan_cfg_neut_ovs_tun_if = undef
}
if $ovs_agent_vxlan_cfg_neut_ovs_tun_if != '' {
$iface = regsubst($ovs_agent_vxlan_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G')
$localip = inline_template("<%= scope.lookupvar('::ipaddress_${iface}') %>")
} else {
$localip = choose_my_ip(hiera('HOST_LIST'))
}
$network_hosts = split(hiera('CONFIG_NETWORK_HOSTS'),',')
if member($network_hosts, choose_my_ip(hiera('HOST_LIST'))) {
$bridge_ifaces_param = 'CONFIG_NEUTRON_OVS_BRIDGE_IFACES'
$bridge_mappings_param = 'CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'
} else {
$bridge_ifaces_param = 'CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE'
$bridge_mappings_param = 'CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE'
}
if hiera('CREATE_BRIDGES') == 'y' {
$bridge_uplinks = hiera_array($bridge_ifaces_param)
$bridge_mappings = hiera_array($bridge_mappings_param)
} else {
$bridge_uplinks = []
$bridge_mappings = []
}
class { '::neutron::agents::ml2::ovs':
bridge_uplinks => $bridge_uplinks,
bridge_mappings => $bridge_mappings,
enable_tunneling => hiera('CONFIG_NEUTRON_OVS_TUNNELING'),
tunnel_types => hiera_array('CONFIG_NEUTRON_OVS_TUNNEL_TYPES'),
local_ip => force_ip($localip),
vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT',undef),
l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
firewall_driver => hiera('FIREWALL_DRIVER'),
}
}

11
packstack/puppet/modules/packstack/manifests/neutron/ovs_bridge.pp Normal file
View File

@ -0,0 +1,11 @@
class packstack::neutron::ovs_bridge ()
{
$agent_service = 'neutron-ovs-agent-service'
$config_neutron_ovs_bridge = hiera('CONFIG_NEUTRON_OVS_BRIDGE')
vs_bridge { $config_neutron_ovs_bridge:
ensure => present,
require => Service[$agent_service],
}
}

40
packstack/puppet/modules/packstack/manifests/neutron/rabbitmq.pp Normal file
View File

@ -0,0 +1,40 @@
class packstack::neutron::rabbitmq ()
{
$bind_host = hiera('CONFIG_IP_VERSION') ? {
'ipv6' => '::0',
default => '0.0.0.0',
# TO-DO(mmagr): Add IPv6 support when hostnames are used
}
$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
$kombu_ssl_keyfile = hiera('CONFIG_NEUTRON_SSL_KEY', undef)
$kombu_ssl_certfile = hiera('CONFIG_NEUTRON_SSL_CERT', undef)
if $kombu_ssl_keyfile {
$files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
file { $files_to_set_owner:
owner => 'neutron',
group => 'neutron',
require => Package['openstack-neutron'],
}
File[$files_to_set_owner] ~> Service<| tag == 'neutron-service' |>
}
class { '::neutron':
bind_host => $bind_host,
rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
rabbit_user => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
core_plugin => hiera('CONFIG_NEUTRON_CORE_PLUGIN'),
allow_overlapping_ips => true,
service_plugins => hiera_array('SERVICE_PLUGINS'),
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
kombu_ssl_keyfile => $kombu_ssl_keyfile,
kombu_ssl_certfile => $kombu_ssl_certfile,
}
}

6
packstack/puppet/modules/packstack/manifests/neutron/sriov.pp Normal file
View File

@ -0,0 +1,6 @@
class packstack::neutron::sriov ()
{
class { 'neutron::agents::ml2::sriov' :
physical_device_mappings => hiera_array('CONFIG_NEUTRON_ML2_SRIOV_INTERFACE_MAPPINGS'),
}
}

Some files were not shown because too many files have changed in this diff Show More