Refactor plugin to depend on controller galera and rabbitmq
Now with advanced task deployment features, we can deploy detached-keystone during the middle of controller deployment and no longer require separated database plugin. As a consequence this fixes ceilometer deployment as well, which requires RabbitMQ to be functioning. Changed hiera role lookups to compensate for multirole parallel deployment. Fixed OS_AUTH_URL in openrc on controllers to point to keystone VIP instead of management. Change-Id: Ic09939dbf077e99e22d9f937d8a6f3f5fe77db67 Closes-Bug: #1553239 Closes-Bug: #1561050
This commit is contained in:
parent
59ff042425
commit
aa2b581a1d
|
@ -30,18 +30,6 @@ if $detach_keystone_plugin {
|
|||
$network_metadata['vips']['public_service_endpoint']['ipaddr'])
|
||||
|
||||
$nodes_hash = hiera('nodes')
|
||||
|
||||
if hiera('role', 'none') == 'primary-standalone-keystone' {
|
||||
$primary_keystone = 'true'
|
||||
} else {
|
||||
$primary_keystone = 'false'
|
||||
}
|
||||
|
||||
if hiera('role', 'none') =~ /^primary/ {
|
||||
$primary_controller = 'true'
|
||||
} else {
|
||||
$primary_controller = 'false'
|
||||
}
|
||||
$keystone_roles = ['primary-standalone-keystone',
|
||||
'standalone-keystone']
|
||||
$keystone_nodes = get_nodes_hash_by_roles($network_metadata,
|
||||
|
@ -50,7 +38,22 @@ if $detach_keystone_plugin {
|
|||
$keystone_nodes_ips = ipsort(values($keystone_address_map))
|
||||
$keystone_nodes_names = keys($keystone_address_map)
|
||||
|
||||
case hiera('role', 'none') {
|
||||
$roles = join(hiera('roles'), ',')
|
||||
case $roles {
|
||||
/primary-standalone-keystone/: {
|
||||
$primary_keystone = true
|
||||
$primary_controller = true
|
||||
}
|
||||
/^primary/: {
|
||||
$primary_keystone = false
|
||||
$primary_controller = true
|
||||
}
|
||||
default: {
|
||||
$primary_database = false
|
||||
$primary_controller = false
|
||||
}
|
||||
}
|
||||
case $roles {
|
||||
/keystone/: {
|
||||
$corosync_roles = $keystone_roles
|
||||
$corosync_nodes = $keystone_nodes
|
||||
|
@ -60,18 +63,6 @@ if $detach_keystone_plugin {
|
|||
$memcached_addresses = ipsort(values(get_node_to_ipaddr_map_by_network_role($keystone_nodes,'mgmt/memcache')))
|
||||
$deploy_vrouter = 'false'
|
||||
$keystone_enabled = 'true'
|
||||
|
||||
#FIXME(mattymo): Allow plugins to depend on each other and update each other
|
||||
$detach_rabbitmq_plugin = hiera('detach-rabbitmq', undef)
|
||||
if $detach_rabbitmq_plugin {
|
||||
$rabbitmq_roles = [ 'standalone-rabbitmq' ]
|
||||
$amqp_port = hiera('amqp_ports', '5673')
|
||||
$rabbit_nodes = get_nodes_hash_by_roles($network_metadata, $rabbitmq_roles)
|
||||
$rabbit_address_map = get_node_to_ipaddr_map_by_network_role($rabbit_nodes, 'mgmt/messaging')
|
||||
$amqp_ips = ipsort(values($rabbit_address_map))
|
||||
$amqp_hosts = amqp_hosts($amqp_ips, $amqp_port)
|
||||
}
|
||||
|
||||
}
|
||||
/controller/: {
|
||||
$deploy_vrouter = 'true'
|
||||
|
@ -88,11 +79,6 @@ service_endpoint: <%= @keystone_vip %>
|
|||
public_service_endpoint: <%= @public_keystone_vip %>
|
||||
keystone_vip: <%= @keystone_vip %>
|
||||
public_keystone_vip: <%= @public_keystone_vip %>
|
||||
<% if @keystone_nodes -%>
|
||||
<% require "yaml" -%>
|
||||
keystone_nodes:
|
||||
<%= YAML.dump(@keystone_nodes).sub(/--- *$/,"") %>
|
||||
<% end -%>
|
||||
keystone:
|
||||
enabled: <%= @keystone_enabled %>
|
||||
keystone_ipaddresses:
|
||||
|
@ -110,11 +96,6 @@ keystone_names:
|
|||
<% end -%>
|
||||
<% end -%>
|
||||
primary_controller: <%= @primary_controller %>
|
||||
<% if @corosync_nodes -%>
|
||||
<% require "yaml" -%>
|
||||
corosync_nodes:
|
||||
<%= YAML.dump(@corosync_nodes).sub(/--- *$/,"") %>
|
||||
<% end -%>
|
||||
<% if @corosync_roles -%>
|
||||
corosync_roles:
|
||||
<%
|
||||
|
@ -125,11 +106,6 @@ corosync_roles:
|
|||
<% if @colocate_haproxy -%>
|
||||
colocate_haproxy: <%= @colocate_haproxy %>
|
||||
<% end -%>
|
||||
<% if @memcache_nodes -%>
|
||||
<% require "yaml" -%>
|
||||
memcache_nodes:
|
||||
<%= YAML.dump(@memcache_nodes).sub(/--- *$/,"") %>
|
||||
<% end -%>
|
||||
<% if @memcache_roles -%>
|
||||
memcache_roles:
|
||||
<%
|
||||
|
@ -145,19 +121,11 @@ memcached_addresses:
|
|||
<% end -%>
|
||||
<% end -%>
|
||||
deploy_vrouter: <%= @deploy_vrouter %>
|
||||
<% if @amqp_hosts -%>
|
||||
amqp_hosts: <%= @amqp_hosts %>
|
||||
<% end -%>
|
||||
')
|
||||
|
||||
file { '/etc/hiera/override':
|
||||
ensure => directory,
|
||||
}
|
||||
|
||||
file { "${hiera_dir}/${plugin_yaml}":
|
||||
ensure => file,
|
||||
content => "${detach_keystone_plugin['yaml_additional_config']}\n${calculated_content}\n",
|
||||
require => File['/etc/hiera/override'],
|
||||
}
|
||||
|
||||
package { 'ruby-deep-merge':
|
||||
|
|
|
@ -25,11 +25,11 @@ $public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'pu
|
|||
$public_port = '5000'
|
||||
|
||||
$internal_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
|
||||
$internal_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$management_vip])
|
||||
$internal_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint])
|
||||
$internal_port = '5000'
|
||||
|
||||
$admin_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
||||
$admin_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$management_vip])
|
||||
$admin_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint])
|
||||
$admin_port = '35357'
|
||||
|
||||
$public_url = "${public_protocol}://${public_address}:${public_port}"
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
# Custom roles definition
|
||||
- id: primary-standalone-keystone
|
||||
type: group
|
||||
role: [primary-standalone-keystone]
|
||||
requires: [deploy_start, primary-standalone-database]
|
||||
required_for: [primary-controller, cinder-keystone, nova-keystone, deploy_end]
|
||||
requires: [deploy_start, primary-database, database,
|
||||
primary-rabbitmq, rabbitmq]
|
||||
required_for: [deploy_end]
|
||||
tasks: [hiera, fuel_pkgs, globals, tools, logging,
|
||||
netconfig, hosts, firewall, keystone-firewall, ssl-keys-saving,
|
||||
ssl-add-trust-chain, deploy_start, cluster, keystone-vip, cluster-haproxy,
|
||||
openstack-haproxy-stats, task-keystone-db, memcached, apache,
|
||||
task-keystone]
|
||||
ssl-add-trust-chain, deploy_start, primary-cluster, keystone-vip,
|
||||
primary-cluster-haproxy, openstack-haproxy-stats,
|
||||
memcached, apache, primary-keystone]
|
||||
parameters:
|
||||
strategy:
|
||||
type: one_by_one
|
||||
|
@ -15,23 +17,35 @@
|
|||
- id: standalone-keystone
|
||||
type: group
|
||||
role: [standalone-keystone]
|
||||
requires: [deploy_start, primary-standalone-keystone]
|
||||
required_for: [primary-controller, cinder-keystone, nova-keystone, deploy_end]
|
||||
requires: [deploy_start, primary-database, database, primary-rabbitmq, rabbitmq]
|
||||
required_for: [deploy_end]
|
||||
tasks: [hiera, fuel_pkgs, globals, tools, logging,
|
||||
netconfig, hosts, firewall, keystone-firewall, ssl-keys-saving,
|
||||
ssl-add-trust-chain, deploy_start, cluster, keystone-vip, cluster-haproxy,
|
||||
openstack-haproxy-stats, task-keystone-db, memcached, apache,
|
||||
task-keystone]
|
||||
openstack-haproxy-stats, memcached, apache, keystone]
|
||||
parameters:
|
||||
strategy:
|
||||
type: parallel
|
||||
|
||||
# Custom tasks needed for plugin
|
||||
- id: keystone-hiera-override
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
role: '*'
|
||||
requires: [globals]
|
||||
required_for: [logging, keystone-controller]
|
||||
parameters:
|
||||
puppet_manifest: 'hiera-override.pp'
|
||||
puppet_modules: '/etc/puppet/modules'
|
||||
timeout: 120
|
||||
|
||||
- id: keystone-haproxy
|
||||
type: puppet
|
||||
groups: [primary-standalone-keystone, standalone-keystone, openstack-haproxy-stats]
|
||||
role: [primary-standalone-keystone, standalone-keystone]
|
||||
version: 2.0.0
|
||||
required_for: [task-keystone, deploy_end]
|
||||
requires: [deploy_start, keystone-vip, cluster-haproxy]
|
||||
required_for: [keystone, deploy_end]
|
||||
requires: [deploy_start, keystone-vip, primary-cluster-haproxy,
|
||||
cluster-haproxy]
|
||||
parameters:
|
||||
puppet_manifest: 'haproxy.pp'
|
||||
puppet_modules: '/etc/puppet/modules'
|
||||
|
@ -40,74 +54,112 @@
|
|||
- id: keystone-vip
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
groups: [primary-standalone-keystone, standalone-keystone]
|
||||
role: [primary-standalone-keystone, standalone-keystone]
|
||||
required_for: [deploy_end]
|
||||
requires: [cluster]
|
||||
requires: [primary-cluster, cluster]
|
||||
cross-depends:
|
||||
- name: /(primary-)?cluster$/
|
||||
role: self
|
||||
parameters:
|
||||
puppet_manifest: '/etc/puppet/modules/osnailyfacter/modular/virtual_ips/virtual_ips.pp'
|
||||
puppet_modules: '/etc/puppet/modules'
|
||||
timeout: 3600
|
||||
|
||||
- id: task-keystone-db
|
||||
- id: keystone-firewall
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
groups: [primary-standalone-keystone, standalone-keystone]
|
||||
required_for: [task-keystone]
|
||||
requires: [primary-database, database]
|
||||
cross-depends:
|
||||
- name: /(primary-)?database/
|
||||
role: self
|
||||
role: [primary-standalone-keystone, standalone-keystone]
|
||||
requires: [keystone-hiera-override, firewall]
|
||||
required_for: [primary-cluster, cluster]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/db.pp
|
||||
puppet_manifest: 'keystone_firewall.pp'
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 1800
|
||||
timeout: 180
|
||||
|
||||
- id: task-keystone
|
||||
# Override existing Fuel tasks to run on standalone-keystone role
|
||||
- id: openrc-delete
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
groups: [primary-standalone-keystone, standalone-keystone]
|
||||
requires: [deploy_start, firewall, keystone-firewall, keystone-haproxy,
|
||||
keystone-vip, task-keystone-db, memcached, apache]
|
||||
cross-depends:
|
||||
- name: keystone-db
|
||||
- name: primary-keystone
|
||||
required_for: [openstack-controller]
|
||||
role: [primary-standalone-keystone, standalone-keystone]
|
||||
requires: [deploy_start]
|
||||
required_for: [primary-keystone, keystone]
|
||||
refresh_on: [keystone_config]
|
||||
parameters:
|
||||
puppet_manifest: '/etc/puppet/modules/osnailyfacter/modular/keystone/keystone.pp'
|
||||
puppet_modules: '/etc/puppet/modules'
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/openrc_delete.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 90
|
||||
|
||||
- id: primary-keystone
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
role: [primary-standalone-keystone]
|
||||
required_for: [deploy_end, primary-openstack-controller, openstack-controller]
|
||||
requires: [keystone-haproxy, database, primary-rabbitmq, rabbitmq, primary-database]
|
||||
refresh_on: [keystone_config]
|
||||
cross-depends:
|
||||
- name: /(primary-)?rabbitmq/
|
||||
- name: keystone-db
|
||||
- name: memcached
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/keystone.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 3600
|
||||
test_pre:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_pre.rb
|
||||
test_post:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_post.rb
|
||||
|
||||
- id: task-workloads_collector_add
|
||||
- id: keystone
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
groups: [primary-standalone-keystone, standalone-keystone]
|
||||
requires: [task-keystone]
|
||||
required_for: [post_deployment_end]
|
||||
role: [standalone-keystone]
|
||||
required_for: [deploy_end, primary-openstack-controller, openstack-controller]
|
||||
requires: [keystone-haproxy, primary-database, database, primary-rabbitmq,
|
||||
rabbitmq]
|
||||
refresh_on: [keystone_config]
|
||||
cross-depends:
|
||||
- name: /(primary-)?rabbitmq/
|
||||
- name: keystone-db
|
||||
- name: primary-keystone
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/keystone.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 3600
|
||||
test_pre:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_pre.rb
|
||||
test_post:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_post.rb
|
||||
|
||||
- id: keystone-db
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
role: [primary-standalone-keystone]
|
||||
required_for: [keystone, primary-keystone]
|
||||
requires: [hosts]
|
||||
cross-depends:
|
||||
- name: /(primary-)?database/
|
||||
role: primary-controller
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/db.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 1800
|
||||
|
||||
- id: workloads_collector_add
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
role: [primary-standalone-keystone]
|
||||
required_for: [deploy_end]
|
||||
requires: [keystone, primary-keystone]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/workloads_collector_add.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 1800
|
||||
|
||||
- id: keystone-firewall
|
||||
- id: disable_keystone_service_token
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
groups: [primary-standalone-keystone, standalone-keystone]
|
||||
requires: [keystone-hiera-override, firewall]
|
||||
required_for: [cluster]
|
||||
parameters:
|
||||
puppet_manifest: 'keystone_firewall.pp'
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 180
|
||||
|
||||
- id: disable_standalone_keystone_service_token
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
groups: [primary-standalone-keystone, standalone-keystone]
|
||||
requires: [task-keystone]
|
||||
role: [primary-standalone-keystone, standalone-keystone]
|
||||
requires: [post_deployment_start]
|
||||
required_for: [post_deployment_end]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/astute/service_token_off.pp
|
||||
|
@ -118,48 +170,22 @@
|
|||
- id: keystone-controller
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
groups: [primary-controller, controller]
|
||||
requires: [deploy_start, keystone]
|
||||
required_for: [cinder-keystone, sahara-keystone, swift-keystone, neutron-keystone,
|
||||
glance-keystone, heat-keystone, ceilometer-keystone, nova-keystone]
|
||||
role: [primary-controller, controller]
|
||||
requires: [deploy_start, primary-cluster-haproxy, cluster-haproxy]
|
||||
# TODO(mattymo): Use cross-depended-by when it works
|
||||
required_for: [ceilometer-keystone, neutron-keystone, nova-keystone,
|
||||
ironic-keystone, swift-keystone, heat-keystone, aodh-keystone,
|
||||
glance-keystone, sahara-keystone, murano-keystone, murano-cfapi-keystone,
|
||||
cinder-keystone]
|
||||
cross-depends:
|
||||
- name: /(primary-)?keystone/
|
||||
role: ["/(primary-)?standalone-keystone/"]
|
||||
# TODO(mattymo): Uncomment when this field works
|
||||
#cross-depended-by:
|
||||
# - name: /(?!haproxy|primary|standalone)-keystone/
|
||||
# role: self
|
||||
parameters:
|
||||
puppet_manifest: 'keystone-controller.pp'
|
||||
puppet_modules: '/etc/puppet/modules'
|
||||
timeout: 600
|
||||
|
||||
#Disable keystone base tasks on controllers
|
||||
- id: primary-keystone
|
||||
type: skipped
|
||||
|
||||
- id: keystone
|
||||
version: 2.0.0
|
||||
type: skipped
|
||||
|
||||
- id: keystone-db
|
||||
version: 2.0.0
|
||||
type: skipped
|
||||
|
||||
- id: openstack-haproxy-keystone
|
||||
version: 2.0.0
|
||||
type: skipped
|
||||
|
||||
- id: workloads_collector_add
|
||||
version: 2.0.0
|
||||
type: skipped
|
||||
|
||||
- id: disable_keystone_service_token
|
||||
version: 2.0.0
|
||||
type: skipped
|
||||
|
||||
- id: keystone-hiera-override
|
||||
version: 2.0.0
|
||||
type: puppet
|
||||
groups: [primary-controller, controller, primary-standalone-keystone,
|
||||
standalone-keystone, cinder, cinder-vmware, compute, ceph-osd,
|
||||
primary-mongo, mongo]
|
||||
requires: [globals]
|
||||
required_for: [logging, keystone-controller]
|
||||
parameters:
|
||||
puppet_manifest: 'hiera-override.pp'
|
||||
puppet_modules: '/etc/puppet/modules'
|
||||
timeout: 120
|
||||
|
|
|
@ -2,14 +2,8 @@ attributes:
|
|||
metadata:
|
||||
label: "Detach Keystone Plugin"
|
||||
weight: 90
|
||||
restrictions:
|
||||
- condition: "settings:detach-database.metadata.enabled == false"
|
||||
message: "Detach Database plugin should be installed and enabled."
|
||||
yaml_additional_config:
|
||||
description: |
|
||||
NOTE: This plugin requires the Detach Database plugin, located at
|
||||
https://github.com/stackforge/fuel-plugin-detach-database
|
||||
You cannot add any Keystone role nodes without enabling the plugin.
|
||||
This field contains free form YAML to provide extra parameters.
|
||||
type: "textarea"
|
||||
weight: 52
|
||||
|
|
|
@ -11,6 +11,3 @@ standalone-keystone:
|
|||
min: 1
|
||||
update_required:
|
||||
- standalone-keystone
|
||||
restrictions:
|
||||
- condition: "settings:detach-database.metadata.enabled == false"
|
||||
message: "Detach Database plugin should be installed and enabled."
|
||||
|
|
Loading…
Reference in New Issue