remove hiera call from modules

Change-Id: I643c0ee1eca02b1a3c5c122e39d685396c64712e
2015-08-10 10:29:16 +02:00 · 2015-08-10 10:29:16 +02:00 · 61faeb0e3a
parent a68502c8c3
commit 61faeb0e3a
6 changed files with 107 additions and 49 deletions
--- a/README.md
+++ b/README.md
@ -35,7 +35,7 @@ Installation Guide
 Https plugin installation
 ----------------------------

-1. Clone the fuel-plugin repo from: https://github.com/stackforge/fuel-plugin-tls.git
+1. Clone the Fuel-plugin repo from: https://github.com/stackforge/fuel-plugin-tls.git

    ``git clone``

@ -56,7 +56,7 @@ Https plugin installation

 6. Install the tls plugin:

-   ``fuel plugins --install tls-<x.x.x>.rpm``
+   ``Fuel plugins --install tls-<x.x.x>.rpm``

 6. Plugin is ready to use and can be enabled on the Settings tab of the Fuel web UI.

@ -78,8 +78,8 @@ https plugin configuration
    - the certificate .key content

 	
-You must pass your .crt, .key, .ca files via fuel UI (settings tab)
-When you pass the content of the files in fuel ui, some "space" characters will appear, don't care about this puppet will remove it.
+You must pass your .crt, .key, .ca files via Fuel UI (settings tab)
+When you pass the content of the files in Fuel ui, some "space" characters will appear, don't care about this puppet will remove it.

 CRT file must be in the following format : 

@ -136,7 +136,7 @@ X43ceACVpWiv5DmBtEUrB8dbwxEJFaoPGqEswwdh1FDxzfsPdapyqGI5B8zRjnpa
 SR2QEYok/8lZeDgUOhXkGg==
 -----END PRIVATE KEY-----

-CA file must be in the following format : 
+CA file must be in the following format :

 -----BEGIN CERTIFICATE-----
 MIIDXTCCAkWgAwIBAgIJAJHydV1v41XIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
--- a/deployment_scripts/puppet/manifests/site.pp
+++ b/deployment_scripts/puppet/manifests/site.pp
@ -1,19 +1,47 @@
-$tls_hash    			= hiera('tls')
-$horizon_crt			= $tls_hash['horizon_crt']
-$horizon_key			= $tls_hash['horizon_key']
-$horizon_ca				= $tls_hash['horizon_ca']
-$nodes_hash       		= hiera('nodes')
-$controllers 			= hiera('controllers')
-$public_virtual_ip  	= hiera('public_vip')
-$internal_virtual_ip 	= hiera('management_vip')
+$tls_hash               = hiera('tls')
+$horizon_crt            = $tls_hash['horizon_crt']
+$horizon_key            = $tls_hash['horizon_key']
+$horizon_ca             = $tls_hash['horizon_ca']
+
+#do not use hiera for node parameters (see bug 1476957)
+$fuel_settings          = parseyaml(file('/etc/astute.yaml')) 
+$nodes_hash             = $::fuel_settings['nodes']
+$controllers            = concat(filter_nodes($nodes_hash,'role','primary-controller'), filter_nodes($nodes_hash,'role','controller'))
+$public_virtual_ip      = $::fuel_settings['public_vip']
+$internal_virtual_ip    = $::fuel_settings['management_vip']
+
+$servername             = hiera('public_vip')
+$horizon_hash           = hiera_hash('horizon',{})
+$cache_server_ip        = hiera('memcache_servers', $controller_nodes)
+$cache_server_port      = hiera('memcache_server_port', '11211')
+$neutron                = hiera('use_neutron')
+$keystone_host          = hiera('management_vip')
+$verbose                = hiera('verbose', true)
+$debug                  = hiera('debug')
+$package_ensure         = hiera('horizon_package_ensure', 'installed')
+$use_syslog             = hiera('use_syslog', true)
+$nova_quota             = hiera('nova_quota')
+
 class { 'tls::controller':
 	controllers			=> $controllers,
 	public_virtual_ip	=> $public_virtual_ip,
 	internal_virtual_ip	=> $internal_virtual_ip,
-    horizon_crt         =>  $horizon_crt,
-    horizon_key         =>  $horizon_key,
-    horizon_ca          =>  $horizon_ca,
-    external_ip         =>  $public_virtual_ip
+    horizon_crt         => $horizon_crt,
+    horizon_key         => $horizon_key,
+    horizon_ca          => $horizon_ca,
+    external_ip         => $public_virtual_ip,
+    nodes_hash          => $nodes_hash,
+    servername          => $servername,
+    horizon_hash        => $horizon_hash,
+    cache_server_ip     => $cache_server_ip,
+    cache_server_port   => $cache_server_port,
+    neutron             => $neutron,
+    keystone_host       => $keystone_host,
+    verbose             => $verbose,
+    debug               => $debug,
+    package_ensure      => $package_ensure,
+    use_syslog          => $use_syslog,
+    nova_quota          => $nova_quota
 }
  
  
--- a/deployment_scripts/puppet/manifests/site_compute.pp
+++ b/deployment_scripts/puppet/manifests/site_compute.pp
@ -1,9 +1,14 @@
-$tls_hash    			  = hiera('tls')
-$horizon_crt				= $tls_hash['horizon_crt']
-$horizon_key				= $tls_hash['horizon_key']
-$nodes_hash       	= hiera('nodes')
-$public_ip  	      = hiera('public_vip')
-$internal_ip 	      = hiera('management_vip')
+$tls_hash           = hiera('tls')
+$horizon_crt        = $tls_hash['horizon_crt']
+$horizon_key        = $tls_hash['horizon_key']
+$nodes_hash         = hiera('nodes')
+$public_ip          = hiera('public_vip')
+$internal_ip        = hiera('management_vip')
+
+#do not use hiera for node parameters (see bug 1476957)
+$fuel_settings          = parseyaml(file('/etc/astute.yaml')) 
+$public_virtual_ip      = $::fuel_settings['public_vip']
+$internal_virtual_ip    = $::fuel_settings['management_vip']

 class { 'tls::compute':
  public_virtual_ip   => $public_ip,
--- a/deployment_scripts/puppet/modules/tls/manifests/controller.pp
+++ b/deployment_scripts/puppet/modules/tls/manifests/controller.pp
@ -5,16 +5,27 @@ class tls::controller(
  $horizon_crt,
  $horizon_key,
  $horizon_ca,
-  $external_ip
+  $external_ip,
+  $nodes_hash,
+  $servername,
+  $horizon_hash,
+  $cache_server_ip,
+  $cache_server_port,
+  $neutron,
+  $keystone_host,
+  $verbose,
+  $debug,
+  $package_ensure,
+  $use_syslog,
+  $nova_quota
 ) {
-  $nodes_hash = hiera('nodes')
  $node = filter_nodes($nodes_hash,'name',$::hostname)
  $internal_address = $node[0]['internal_address']
  $bind_address = $internal_address
  $server_hostname = $external_ip
  include tls::params
  $apache_tls_path = $tls::params::apache_tls_path
-  
+
  #format crt and key files
  file { "$apache_tls_path" :
        ensure  => directory,
@ -50,10 +61,21 @@ class tls::controller(
    httpd_service   =>  $tls::params::httpd_service_name
  }->
  class { 'tls::horizon::horizon':
-    bind_address   =>  $bind_address,
+    bind_address          =>  $bind_address,
    controllers           =>  $controllers,
    public_virtual_ip     =>  $public_virtual_ip,
    internal_virtual_ip   =>  $internal_virtual_ip,
+    servername            => $servername,
+    horizon_hash          => $horizon_hash,
+    cache_server_ip       => $cache_server_ip,
+    cache_server_port     => $cache_server_port,
+    neutron               => $neutron,
+    keystone_host         => $keystone_host,
+    verbose               => $verbose,
+    debug                 => $debug,
+    package_ensure        => $package_ensure,
+    use_syslog            => $use_syslog,
+    nova_quota            => $nova_quota,
  }->  
  exec { "ha_proxy_restart":
    command => "/usr/sbin/crm resource restart p_haproxy",
--- a/deployment_scripts/puppet/modules/tls/manifests/horizon/horizon.pp
+++ b/deployment_scripts/puppet/modules/tls/manifests/horizon/horizon.pp
@ -3,35 +3,35 @@ class tls::horizon::horizon(
  $controllers,
  $public_virtual_ip,
  $internal_virtual_ip,
+  $servername,
+  $horizon_hash,
+  $cache_server_ip,
+  $cache_server_port,
+  $neutron,
+  $keystone_host,
+  $verbose,
+  $debug,
+  $package_ensure,
+  $use_syslog,
+  $nova_quota  
 ) {
  include tls::params
  $ssl_port                       = 443
-  $horizon_hash                   = hiera_hash('horizon',{})
  $root_url                       = $tls::params::root_url
  $horizon_cert                   = $tls::params::tls_cert_file
  $horizon_key                    = $tls::params::tls_key_file
  $horizon_ca                     = $tls::params::tls_ca_file
  $controller_internal_addresses  = nodes_to_hash($controllers,'name','internal_address')
  $controller_nodes               = ipsort(values($controller_internal_addresses))
-  $cache_server_ip                = hiera('memcache_servers', $controller_nodes)
-  $cache_server_port              = hiera('memcache_server_port', '11211')
  $swift                          = false
-  $neutron                        = hiera('use_neutron')
  $horizon_app_links              = undef
-  $keystone_host                  = hiera('management_vip')
  $keystone_scheme                = 'http'
  $keystone_default_role          = '_member_'
-  $verbose                        = hiera('verbose', true)
-  $debug                          = hiera('debug')
  $api_result_limit               = 1000
-  $package_ensure                 = hiera('horizon_package_ensure', 'installed')
  $use_ssl                        = true
-  $use_syslog                     = hiera('use_syslog', true)
  $log_level                      = 'WARNING'
-  $nova_quota                     = hiera('nova_quota')
  $local_settings_template        = 'openstack/horizon/local_settings.py.erb'
  $django_session_engine          = 'django.contrib.sessions.backends.cache'
-  $servername                     = hiera('public_vip')
  $cache_backend                  = 'horizon.backends.memcached.HorizonMemcached'
  $cache_options                  = ["'SOCKET_TIMEOUT': 1","'SERVER_RETRIES': 1","'DEAD_RETRY': 1"]
  
@ -128,15 +128,24 @@ class tls::horizon::horizon(
    horizon_ca             => $horizon_ca
  }

+  # Performance optimization for wsgi
+  if ($::memorysize_mb < 1200 or $::processorcount <= 3) {
+    $wsgi_processes = 2
+    $wsgi_threads = 9
+  } else {
+    $wsgi_processes = $::processorcount
+    $wsgi_threads = 15
+  }
+
  class { '::horizon::wsgi::apache':
    priority       => false,
    servername     => $public_virtual_ip,
    bind_address   => $bind_address,
    wsgi_processes => $wsgi_processes,
    wsgi_threads   => $wsgi_threads,
-    horizon_cert           => $horizon_cert ,
-    horizon_key            => $horizon_key,
-    horizon_ca            => $horizon_ca,
+    horizon_cert   => $horizon_cert ,
+    horizon_key    => $horizon_key,
+    horizon_ca     => $horizon_ca,
    listen_ssl     => $use_ssl,
    extra_params      => {
      default_vhost   => true,
--- a/deployment_scripts/puppet/modules/tls/manifests/params.pp
+++ b/deployment_scripts/puppet/modules/tls/manifests/params.pp
@ -9,10 +9,7 @@ class tls::params {
    $tls_cert_file			    = '/etc/apache2/TLS/horizon.crt'
    $tls_key_file			      = '/etc/apache2/TLS/horizon.key'
    $tls_ca_file            = '/etc/apache2/TLS/horizon.ca'
-    $root_url               = '/horizon'	
-    $apache_conf_file 		  = '/etc/apache2/conf-available/openstack-dashboard.conf'
-    $apache_vhost_file      = '/etc/apache2/sites-available/openstack-dashboard.conf'
-    $apache_port_file		    = '/etc/apache2/ports.conf'	
+    $root_url               = '/horizon'
  } elsif($::osfamily == 'RedHat') {
    $httpd_service_name 	  = 'httpd'
    $horizon_settings_file 	= '/etc/openstack-dashboard/local_settings'
@ -23,10 +20,7 @@ class tls::params {
    $tls_cert_file			    = '/etc/httpd/TLS/horizon.crt'
    $tls_key_file			      = '/etc/httpd/TLS/horizon.key'
    $tls_ca_file            = '/etc/httpd/TLS/horizon.ca'
-    $root_url               = '/dashboard'	
-    $apache_conf_file 		  = '/etc/httpd/conf.d/openstack-dashboard.conf'
-    $apache_vhost_file      = '/etc/httpd/conf.d/ssl.conf'
-    $apache_port_file		    = '/etc/httpd/conf.d/ports.conf'	
+    $root_url               = '/dashboard'
  } else {
    fail("unsupported family ${::osfamily}")
  }