Refactor plugin to depend on controller galera and rabbitmq

Now with advanced task deployment features, we can deploy detached-keystone during the middle of controller deployment and no longer require separated database plugin. As a consequence this fixes ceilometer deployment as well, which requires RabbitMQ to be functioning. Changed hiera role lookups to compensate for multirole parallel deployment. Fixed OS_AUTH_URL in openrc on controllers to point to keystone VIP instead of management. Change-Id: Ic09939dbf077e99e22d9f937d8a6f3f5fe77db67 Closes-Bug: #1553239 Closes-Bug: #1561050
2016-03-23 15:47:03 +03:00 · 2016-03-23 15:47:03 +03:00 · aa2b581a1d
parent 59ff042425
commit aa2b581a1d
5 changed files with 135 additions and 150 deletions
--- a/deployment_scripts/hiera-override.pp
+++ b/deployment_scripts/hiera-override.pp
@ -30,18 +30,6 @@ if $detach_keystone_plugin {
                              $network_metadata['vips']['public_service_endpoint']['ipaddr'])

  $nodes_hash          = hiera('nodes')
-
-  if hiera('role', 'none') == 'primary-standalone-keystone' {
-    $primary_keystone = 'true'
-  } else {
-    $primary_keystone = 'false'
-  }
-
-  if hiera('role', 'none') =~ /^primary/ {
-    $primary_controller = 'true'
-  } else {
-    $primary_controller = 'false'
-  }
  $keystone_roles       =  ['primary-standalone-keystone',
    'standalone-keystone']
  $keystone_nodes       = get_nodes_hash_by_roles($network_metadata,
@ -50,7 +38,22 @@ if $detach_keystone_plugin {
  $keystone_nodes_ips   = ipsort(values($keystone_address_map))
  $keystone_nodes_names = keys($keystone_address_map)

-  case hiera('role', 'none') {
+  $roles = join(hiera('roles'), ',')
+  case $roles {
+    /primary-standalone-keystone/: {
+      $primary_keystone = true
+      $primary_controller = true
+    }
+    /^primary/: {
+      $primary_keystone = false
+      $primary_controller = true
+    }
+    default: {
+      $primary_database = false
+      $primary_controller = false
+    }
+  }
+  case $roles {
    /keystone/: {
      $corosync_roles      = $keystone_roles
      $corosync_nodes      = $keystone_nodes
@ -60,18 +63,6 @@ if $detach_keystone_plugin {
      $memcached_addresses = ipsort(values(get_node_to_ipaddr_map_by_network_role($keystone_nodes,'mgmt/memcache')))
      $deploy_vrouter      = 'false'
      $keystone_enabled    = 'true'
-
-      #FIXME(mattymo): Allow plugins to depend on each other and update each other
-      $detach_rabbitmq_plugin = hiera('detach-rabbitmq', undef)
-      if $detach_rabbitmq_plugin {
-        $rabbitmq_roles = [ 'standalone-rabbitmq' ]
-        $amqp_port = hiera('amqp_ports', '5673')
-        $rabbit_nodes = get_nodes_hash_by_roles($network_metadata, $rabbitmq_roles)
-        $rabbit_address_map = get_node_to_ipaddr_map_by_network_role($rabbit_nodes, 'mgmt/messaging')
-        $amqp_ips = ipsort(values($rabbit_address_map))
-        $amqp_hosts = amqp_hosts($amqp_ips, $amqp_port)
-      }
-
    }
    /controller/: {
      $deploy_vrouter   = 'true'
@ -88,11 +79,6 @@ service_endpoint: <%= @keystone_vip %>
 public_service_endpoint: <%= @public_keystone_vip %>
 keystone_vip: <%= @keystone_vip %>
 public_keystone_vip: <%= @public_keystone_vip %>
-<% if @keystone_nodes -%>
-<% require "yaml" -%>
-keystone_nodes:
-<%= YAML.dump(@keystone_nodes).sub(/--- *$/,"") %>
-<% end -%>
 keystone:
  enabled: <%= @keystone_enabled %>
 keystone_ipaddresses:
@ -110,11 +96,6 @@ keystone_names:
 <% end -%>
 <% end -%>
 primary_controller: <%= @primary_controller %>
-<% if @corosync_nodes -%>
-<% require "yaml" -%>
-corosync_nodes:
-<%= YAML.dump(@corosync_nodes).sub(/--- *$/,"") %>
-<% end -%>
 <% if @corosync_roles -%>
 corosync_roles:
 <%
@ -125,11 +106,6 @@ corosync_roles:
 <% if @colocate_haproxy -%>
 colocate_haproxy: <%= @colocate_haproxy %>
 <% end -%>
-<% if @memcache_nodes -%>
-<% require "yaml" -%>
-memcache_nodes:
-<%= YAML.dump(@memcache_nodes).sub(/--- *$/,"") %>
-<% end -%>
 <% if @memcache_roles -%>
 memcache_roles:
 <%
@ -145,19 +121,11 @@ memcached_addresses:
 <% end -%>
 <% end -%>
 deploy_vrouter: <%= @deploy_vrouter %>
-<% if @amqp_hosts -%>
-amqp_hosts: <%=  @amqp_hosts %>
-<% end -%>
 ')

-  file { '/etc/hiera/override':
-    ensure  => directory,
-  }
-
  file { "${hiera_dir}/${plugin_yaml}":
    ensure  => file,
    content => "${detach_keystone_plugin['yaml_additional_config']}\n${calculated_content}\n",
-    require => File['/etc/hiera/override'],
  }

  package { 'ruby-deep-merge':
--- a/deployment_scripts/keystone-controller.pp
+++ b/deployment_scripts/keystone-controller.pp
@ -25,11 +25,11 @@ $public_address  = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'pu
 $public_port     = '5000'

 $internal_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
-$internal_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$management_vip])
+$internal_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint])
 $internal_port     = '5000'

 $admin_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
-$admin_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$management_vip])
+$admin_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint])
 $admin_port     = '35357'

 $public_url   = "${public_protocol}://${public_address}:${public_port}"
--- a/deployment_tasks.yaml
+++ b/deployment_tasks.yaml
@ -1,13 +1,15 @@
+# Custom roles definition
 - id: primary-standalone-keystone
  type: group
  role: [primary-standalone-keystone]
-  requires: [deploy_start, primary-standalone-database]
-  required_for: [primary-controller, cinder-keystone, nova-keystone, deploy_end]
+  requires: [deploy_start, primary-database, database, 
+    primary-rabbitmq, rabbitmq]
+  required_for: [deploy_end]
  tasks: [hiera, fuel_pkgs, globals, tools, logging,
    netconfig, hosts, firewall, keystone-firewall, ssl-keys-saving,
-    ssl-add-trust-chain, deploy_start, cluster, keystone-vip, cluster-haproxy,
-    openstack-haproxy-stats, task-keystone-db, memcached, apache,
-    task-keystone]
+    ssl-add-trust-chain, deploy_start, primary-cluster, keystone-vip,
+    primary-cluster-haproxy, openstack-haproxy-stats,
+    memcached, apache, primary-keystone]
  parameters:
    strategy:
      type: one_by_one
@ -15,23 +17,35 @@
 - id: standalone-keystone
  type: group
  role: [standalone-keystone]
-  requires: [deploy_start, primary-standalone-keystone]
-  required_for: [primary-controller, cinder-keystone, nova-keystone, deploy_end]
+  requires: [deploy_start, primary-database, database, primary-rabbitmq, rabbitmq]
+  required_for: [deploy_end]
  tasks: [hiera, fuel_pkgs, globals, tools, logging,
    netconfig, hosts, firewall, keystone-firewall, ssl-keys-saving,
    ssl-add-trust-chain, deploy_start, cluster, keystone-vip, cluster-haproxy,
-    openstack-haproxy-stats, task-keystone-db, memcached, apache,
-    task-keystone]
+    openstack-haproxy-stats, memcached, apache, keystone]
  parameters:
    strategy:
      type: parallel

+# Custom tasks needed for plugin
+- id: keystone-hiera-override
+  version: 2.0.0
+  type: puppet
+  role: '*'
+  requires: [globals]
+  required_for: [logging, keystone-controller]
+  parameters:
+    puppet_manifest: 'hiera-override.pp'
+    puppet_modules: '/etc/puppet/modules'
+    timeout: 120
+
 - id: keystone-haproxy
  type: puppet
-  groups: [primary-standalone-keystone, standalone-keystone, openstack-haproxy-stats]
+  role: [primary-standalone-keystone, standalone-keystone]
  version: 2.0.0
-  required_for: [task-keystone, deploy_end]
-  requires: [deploy_start, keystone-vip, cluster-haproxy]
+  required_for: [keystone, deploy_end]
+  requires: [deploy_start, keystone-vip, primary-cluster-haproxy,
+    cluster-haproxy]
  parameters:
    puppet_manifest: 'haproxy.pp'
    puppet_modules: '/etc/puppet/modules'
@ -40,74 +54,112 @@
 - id: keystone-vip
  type: puppet
  version: 2.0.0
-  groups: [primary-standalone-keystone, standalone-keystone]
+  role: [primary-standalone-keystone, standalone-keystone]
  required_for: [deploy_end]
-  requires: [cluster]
+  requires: [primary-cluster, cluster]
+  cross-depends:
+    - name: /(primary-)?cluster$/
+      role: self
  parameters:
    puppet_manifest: '/etc/puppet/modules/osnailyfacter/modular/virtual_ips/virtual_ips.pp'
    puppet_modules: '/etc/puppet/modules'
    timeout: 3600

- id: task-keystone-db
+- id: keystone-firewall
  type: puppet
  version: 2.0.0
-  groups: [primary-standalone-keystone, standalone-keystone]
-  required_for: [task-keystone]
-  requires: [primary-database, database]
-  cross-depends:
-    - name: /(primary-)?database/
-      role: self
+  role: [primary-standalone-keystone, standalone-keystone]
+  requires: [keystone-hiera-override, firewall]
+  required_for: [primary-cluster, cluster]
  parameters:
-    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/db.pp
+    puppet_manifest: 'keystone_firewall.pp'
    puppet_modules: /etc/puppet/modules
-    timeout: 1800
+    timeout: 180

- id: task-keystone
+# Override existing Fuel tasks to run on standalone-keystone role
+- id: openrc-delete
  type: puppet
  version: 2.0.0
-  groups: [primary-standalone-keystone, standalone-keystone]
-  requires: [deploy_start, firewall, keystone-firewall, keystone-haproxy,
-    keystone-vip, task-keystone-db, memcached, apache]
-  cross-depends:
-    - name: keystone-db
-    - name: primary-keystone
-  required_for: [openstack-controller]
+  role: [primary-standalone-keystone, standalone-keystone]
+  requires: [deploy_start]
+  required_for: [primary-keystone, keystone]
+  refresh_on: [keystone_config]
  parameters:
-    puppet_manifest: '/etc/puppet/modules/osnailyfacter/modular/keystone/keystone.pp'
-    puppet_modules: '/etc/puppet/modules'
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/openrc_delete.pp
+    puppet_modules: /etc/puppet/modules
+    timeout: 90
+
+- id: primary-keystone
+  type: puppet
+  version: 2.0.0
+  role: [primary-standalone-keystone]
+  required_for: [deploy_end, primary-openstack-controller, openstack-controller]
+  requires: [keystone-haproxy, database, primary-rabbitmq, rabbitmq, primary-database]
+  refresh_on: [keystone_config]
+  cross-depends:
+    - name: /(primary-)?rabbitmq/
+    - name: keystone-db
+    - name: memcached
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/keystone.pp
+    puppet_modules: /etc/puppet/modules
    timeout: 3600
  test_pre:
    cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_pre.rb
  test_post:
    cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_post.rb

- id: task-workloads_collector_add
+- id: keystone
  type: puppet
  version: 2.0.0
-  groups: [primary-standalone-keystone, standalone-keystone]
-  requires: [task-keystone]
-  required_for: [post_deployment_end]
+  role: [standalone-keystone]
+  required_for: [deploy_end, primary-openstack-controller, openstack-controller]
+  requires: [keystone-haproxy, primary-database, database, primary-rabbitmq,
+    rabbitmq]
+  refresh_on: [keystone_config]
+  cross-depends:
+    - name: /(primary-)?rabbitmq/
+    - name: keystone-db
+    - name: primary-keystone
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/keystone.pp
+    puppet_modules: /etc/puppet/modules
+    timeout: 3600
+  test_pre:
+    cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_pre.rb
+  test_post:
+    cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_post.rb
+
+- id: keystone-db
+  type: puppet
+  version: 2.0.0
+  role: [primary-standalone-keystone]
+  required_for: [keystone, primary-keystone]
+  requires: [hosts]
+  cross-depends:
+    - name: /(primary-)?database/
+      role: primary-controller
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/db.pp
+    puppet_modules: /etc/puppet/modules
+    timeout: 1800
+
+- id: workloads_collector_add
+  type: puppet
+  version: 2.0.0
+  role: [primary-standalone-keystone]
+  required_for: [deploy_end]
+  requires: [keystone, primary-keystone]
  parameters:
    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/workloads_collector_add.pp
    puppet_modules: /etc/puppet/modules
    timeout: 1800

- id: keystone-firewall
+- id: disable_keystone_service_token
  type: puppet
  version: 2.0.0
-  groups: [primary-standalone-keystone, standalone-keystone]
-  requires: [keystone-hiera-override, firewall]
-  required_for: [cluster]
-  parameters:
-    puppet_manifest: 'keystone_firewall.pp'
-    puppet_modules: /etc/puppet/modules
-    timeout: 180
-
- id: disable_standalone_keystone_service_token
-  type: puppet
-  version: 2.0.0
-  groups: [primary-standalone-keystone, standalone-keystone]
-  requires: [task-keystone]
+  role: [primary-standalone-keystone, standalone-keystone]
+  requires: [post_deployment_start]
  required_for: [post_deployment_end]
  parameters:
    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/astute/service_token_off.pp
@ -118,48 +170,22 @@
 - id: keystone-controller
  type: puppet
  version: 2.0.0
-  groups: [primary-controller, controller]
-  requires: [deploy_start, keystone]
-  required_for: [cinder-keystone, sahara-keystone, swift-keystone, neutron-keystone,
-    glance-keystone, heat-keystone, ceilometer-keystone, nova-keystone]
+  role: [primary-controller, controller]
+  requires: [deploy_start, primary-cluster-haproxy, cluster-haproxy]
+  # TODO(mattymo): Use cross-depended-by when it works
+  required_for: [ceilometer-keystone, neutron-keystone, nova-keystone,
+   ironic-keystone, swift-keystone, heat-keystone, aodh-keystone,
+   glance-keystone, sahara-keystone, murano-keystone, murano-cfapi-keystone,
+   cinder-keystone]
+  cross-depends:
+    - name: /(primary-)?keystone/
+      role: ["/(primary-)?standalone-keystone/"]
+  # TODO(mattymo): Uncomment when this field works
+  #cross-depended-by:
+  #  - name: /(?!haproxy|primary|standalone)-keystone/
+  #    role: self
  parameters:
    puppet_manifest: 'keystone-controller.pp'
    puppet_modules: '/etc/puppet/modules'
    timeout: 600

-#Disable keystone base tasks on controllers
- id: primary-keystone
-  type: skipped
-
- id: keystone
-  version: 2.0.0
-  type: skipped
-
- id: keystone-db
-  version: 2.0.0
-  type: skipped
-
- id: openstack-haproxy-keystone
-  version: 2.0.0
-  type: skipped
-
- id: workloads_collector_add
-  version: 2.0.0
-  type: skipped
-
- id: disable_keystone_service_token
-  version: 2.0.0
-  type: skipped
-
- id: keystone-hiera-override
-  version: 2.0.0
-  type: puppet
-  groups: [primary-controller, controller, primary-standalone-keystone,
-    standalone-keystone, cinder, cinder-vmware, compute, ceph-osd,
-    primary-mongo, mongo]
-  requires: [globals]
-  required_for: [logging, keystone-controller]
-  parameters:
-    puppet_manifest: 'hiera-override.pp'
-    puppet_modules: '/etc/puppet/modules'
-    timeout: 120
--- a/environment_config.yaml
+++ b/environment_config.yaml
@ -2,14 +2,8 @@ attributes:
  metadata:
    label: "Detach Keystone Plugin"
    weight: 90
-    restrictions:
-      - condition: "settings:detach-database.metadata.enabled == false"
-        message: "Detach Database plugin should be installed and enabled."
  yaml_additional_config:
    description: |
-      NOTE: This plugin requires the Detach Database plugin, located at
-      https://github.com/stackforge/fuel-plugin-detach-database
-      You cannot add any Keystone role nodes without enabling the plugin.
      This field contains free form YAML to provide extra parameters.
    type: "textarea"
    weight: 52
--- a/node_roles.yaml
+++ b/node_roles.yaml
@ -11,6 +11,3 @@ standalone-keystone:
    min: 1
  update_required:
    - standalone-keystone
-  restrictions:
-    - condition: "settings:detach-database.metadata.enabled == false"
-      message: "Detach Database plugin should be installed and enabled."