Merge "Add nova placement API configuration"

deployment/puppet/openstack/manifests/ha/nova.pp

@@ -86,6 +86,20 @@ class openstack::ha::nova (
     balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
   }
 
+  openstack::ha::haproxy_service { 'nova-placement-api':
+    order                  => '056',
+    listen_port            => 8778,
+    internal_ssl           => $internal_ssl,
+    internal_ssl_path      => $internal_ssl_path,
+    require_service        => 'nova-placement',
+    haproxy_config_options => {
+      'option'  => ['httpchk', 'httplog', 'forceclose', 'http-buffer-request'],
+      'timeout' => 'http-request 10s',
+    },
+    balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
+  }
+
+
   openstack::ha::haproxy_service { 'nova-novncproxy':
     order                  => '170',
     listen_port            => 6080,

deployment/puppet/openstack_tasks/manifests/openstack_controller/keystone.pp

@@ -18,10 +18,16 @@ class openstack_tasks::openstack_controller::keystone {
   $admin_address       = get_ssl_property($ssl_hash, {}, 'nova', 'admin', 'hostname', [$management_vip])
 
   $compute_port      = '8774'
+  $placement_port      = '8778'
   $public_base_url   = "${public_protocol}://${public_address}:${compute_port}"
   $internal_base_url = "${internal_protocol}://${internal_address}:${compute_port}"
   $admin_base_url    = "${admin_protocol}://${admin_address}:${compute_port}"
 
+  $public_placement_url   = "${public_protocol}://${public_address}:${placement_port}"
+  $internal_placement_url = "${internal_protocol}://${internal_address}:${placement_port}"
+  $admin_placement_url    = "${admin_protocol}://${admin_address}:${placement_port}"
+
+
   $region              = pick($nova_hash['region'], hiera('region', 'RegionOne'))
 
   $password            = $nova_hash['user_password']
@@ -50,6 +56,19 @@ class openstack_tasks::openstack_controller::keystone {
     tenant                => $tenant,
   }
 
+  class { '::nova::keystone::auth_placement':
+    password              => $password,
+    configure_endpoint    => $configure_endpoint,
+    configure_user        => $configure_user,
+    configure_user_role   => $configure_user_role,
+    public_url            => "${public_placement_url}/placement",
+    internal_url          => "${internal_placement_url}/placement",
+    admin_url             => "${admin_placement_url}/placement",
+    region                => $region,
+    tenant                => $tenant,
+  }
+
+
   # support compute (v2) legacy endpoint
   keystone::resource::service_identity { 'nova_legacy':
     configure_user      => false,

deployment/puppet/openstack_tasks/manifests/openstack_controller/openstack_controller.pp

@@ -66,6 +66,8 @@ class openstack_tasks::openstack_controller::openstack_controller {
   $default_floating_net          = pick($neutron_config['default_floating_net'], 'net04_ext')
   $pci_vendor_devs               = pick($neutron_config['supported_pci_vendor_devs'], false)
 
+  $repo_setup              = hiera_hash('repo_setup', {})
+  $repo_type               = pick_default($repo_setup['repo_type'], '')
   # Boolean value for further usage
   if $pci_vendor_devs {
     $sriov_enabled = true
@@ -254,7 +256,26 @@ class openstack_tasks::openstack_controller::openstack_controller {
     auth_version      => pick($nova_hash['auth_version'], $::os_service_default),
     memcached_servers => $local_memcached_server,
   }
+  if $repo_type == 'uca' {
+    class { 'osnailyfacter::apache':
+      listen_ports => hiera_array('apache_ports', ['0.0.0.0:80', '0.0.0.0:8888', '0.0.0.0:5000', '0.0.0.0:35357', '0.0.0.0:8777','0.0.0.0:8042']),
+    }
 
+    $ssl = false
+    class {'::nova::wsgi::apache_placement':
+      ssl       => $ssl,
+      priority  => '36',
+      bind_host => $bind_host,
+      api_port  => 8778,
+    }
+    class {'::nova::placement':
+      password       => $nova_hash['user_password'],
+      auth_url       => $keystone_auth_url,
+      os_interface   => 'internal',
+      project_name   => pick($nova_hash['admin_tenant_name'], $keystone_tenant),
+      os_region_name => $region_name
+    }
+  }
   # Configure nova-api
   class { '::nova::api':
     enabled                              => true,
@@ -372,6 +393,7 @@ class openstack_tasks::openstack_controller::openstack_controller {
     'DEFAULT/ram_weight_multiplier':        value => '1.0'
   }
 
+
   # TODO (iberezovskiy): In Debian open-iscsi is dependency
   # of os-brick package which is required for cinder.
   # Remove this 'if' once UCA packages are updated as well

deployment/puppet/openstack_tasks/manifests/roles/compute.pp

@@ -38,6 +38,16 @@ class openstack_tasks::roles::compute {
   $kombu_compression              = hiera('kombu_compression', $::os_service_default)
   $nova_cache                     = pick($nova_hash['use_cache'], true)
   $region_name                    = hiera('region', 'RegionOne')
+  $keystone_tenant                = pick($nova_hash['tenant'], 'services')
+
+  $internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', [$nova_hash['auth_protocol'], 'http'])
+  $internal_auth_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
+  $admin_auth_protocol    = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', [$nova_hash['auth_protocol'], 'http'])
+  $admin_auth_address     = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
+
+  $keystone_auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/"
+  $keystone_auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/"
+
 
   # get glance api servers list
   $glance_endpoint_default        = hiera('glance_endpoint', $management_vip)
@@ -51,6 +61,10 @@ class openstack_tasks::roles::compute {
   $block_device_allocate_retries          = hiera('block_device_allocate_retries', 300)
   $block_device_allocate_retries_interval = hiera('block_device_allocate_retries_interval', 3)
 
+  #LP1670220 set libvirt service name to libvirtd for UCA
+  $repo_setup              = hiera_hash('repo_setup', {})
+  $repo_type               = pick_default($repo_setup['repo_type'], '')
+
   $transport_url = hiera('transport_url','rabbit://guest:password@127.0.0.1:5672/')
 
   include ::osnailyfacter::test_compute
@@ -263,6 +277,17 @@ class openstack_tasks::roles::compute {
     os_region_name                         => $region_name,
   }
 
+  if $repo_type == 'uca' {
+  class {'::nova::placement':
+    password       => $nova_hash['user_password'],
+    auth_url       => $keystone_auth_url,
+    os_interface   => 'internal',
+    project_name   => pick($nova_hash['admin_tenant_name'], $keystone_tenant),
+    os_region_name => $region_name
+    }
+  }
+
+
   class { '::nova::cache':
     enabled          => $nova_cache,
     backend          => 'oslo_cache.memcache_pool',

deployment/puppet/osnailyfacter/manifests/firewall/firewall.pp

@@ -45,6 +45,7 @@ class osnailyfacter::firewall::firewall {
   $neutron_api_port             = 9696
   $nova_api_compute_port        = 8774
   $nova_api_metadata_port       = 8775
+  $nova_api_placement_port       = 8778
   $nova_api_vnc_ports           = '5900-6900'
   $nova_api_volume_port         = 8776
   $nova_vncproxy_port           = 6080
@@ -304,7 +305,7 @@ class osnailyfacter::firewall::firewall {
     }
 
     openstack::firewall::multi_net {'105 nova internal - no ssl':
-      port        => [$nova_api_metadata_port, $nova_api_vnc_ports],
+      port        => [$nova_api_metadata_port, $nova_api_vnc_ports, $nova_api_placement_port],
       proto       => 'tcp',
       action      => 'accept',
       source_nets => $nova_networks,

deployment/puppet/osnailyfacter/manifests/globals/globals.pp

@@ -141,7 +141,8 @@ class osnailyfacter::globals::globals {
   $keystone_api_address           = get_network_role_property('keystone/api', 'ipaddr')
   $ceilometer_api_address         = get_network_role_property('ceilometer/api', 'ipaddr')
   $aodh_api_address               = get_network_role_property('aodh/api', 'ipaddr')
-  $cinder_api_address               = get_network_role_property('cinder/api', 'ipaddr')
+  $cinder_api_address             = get_network_role_property('cinder/api', 'ipaddr')
+  $nova_api_address               = get_network_role_property('nova/api', 'ipaddr')
 
   $token_provider                 = hiera('token_provider','keystone.token.providers.fernet.Provider')
 
@@ -448,7 +449,8 @@ class osnailyfacter::globals::globals {
                             "${apache_api_proxy_address}:8888",
                             "${keystone_api_address}:5000",
                             "${keystone_api_address}:35357",
-                            "${cinder_api_address}:8776"
+                            "${cinder_api_address}:8776",
+                            "${nova_api_address}:8778"
                             ]
   }
   else {
@@ -458,6 +460,7 @@ class osnailyfacter::globals::globals {
                             "${apache_api_proxy_address}:8888",
                             "${keystone_api_address}:5000",
                             "${keystone_api_address}:35357",
+                            "${nova_api_address}:8778"
                             ]
   }
 

tests/noop/spec/hosts/firewall/firewall_spec.rb

@@ -134,7 +134,7 @@ describe manifest do
       it 'should accept connections to nova without ssl' do
         management_nets.each do |source|
           should contain_firewall("105 nova internal - no ssl from #{source}").with(
-            'dport'        => [ 8775, '5900-6900' ],
+            'dport'        => [ 8775, '5900-6900', 8778 ],
             'proto'       => 'tcp',
             'action'      => 'accept',
             'source'      => source,