Adds Hiera implementation within Packstack

Packstack configures Hiera as data backend. Packstack puppet templates are now
using hiera() and hiera_array() functions to fetch data from hiera backend.

Packstack generates a defaults.yaml file in the /var/tmp/packstack directory.

Firewall rules for each openstack component are inserted into the hiera
backend as a hash and created by the create_resources function.

Change-Id: Iab553a71264b0fc0f26d33a6304b545ad302f664
Fixes: rhbz#1145223
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
Gael Chamoulaud 2014-10-06 11:37:22 +02:00 committed by Lukas Bezdicka
parent a0454d82fa
commit 219cf98b4f
132 changed files with 1706 additions and 1376 deletions


@ -43,6 +43,8 @@ VAR_DIR = tempfile.mkdtemp(prefix=_tmpdirprefix, dir=PACKSTACK_VAR_DIR)
DIR_LOG = VAR_DIR
PUPPET_MANIFEST_RELATIVE = "manifests"
PUPPET_MANIFEST_DIR = os.path.join(VAR_DIR, PUPPET_MANIFEST_RELATIVE)
HIERADATA_FILE_RELATIVE = "hieradata"
HIERADATA_DIR = os.path.join(VAR_DIR, HIERADATA_FILE_RELATIVE)
FILE_INSTALLER_LOG = "setup.log"


@ -2,6 +2,7 @@
import logging
import os
import re
import yaml
from packstack.installer import basedefs
from packstack.installer.setup_controller import Controller
@ -11,6 +12,7 @@ controller = Controller()
PUPPET_DIR = os.path.join(basedefs.DIR_PROJECT_DIR, "puppet")
PUPPET_TEMPLATE_DIR = os.path.join(PUPPET_DIR, "templates")
HIERA_DEFAULTS_YAML = os.path.join(basedefs.HIERADATA_DIR, "defaults.yaml")
class NovaConfig(object):
@ -80,6 +82,19 @@ def appendManifestFile(manifest_name, data, marker=''):
manifestfiles.addFile(manifest_name, marker, data)
def generateHieraDataFile():
os.mkdir(basedefs.HIERADATA_DIR, 0700)
with open(HIERA_DEFAULTS_YAML, 'w') as outfile:
outfile.write(yaml.dump(controller.CONF,
explicit_start=True,
default_flow_style=False))
def createFirewallResources(hiera_key, default_value='{}'):
hiera_function = "hiera('%s', %s)" % (hiera_key, default_value)
return "create_resources(packstack::firewall, %s)\n\n" % hiera_function
def gethostlist(CONF):
hosts = []
for key, value in CONF.items():
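Review bot: `generateHieraDataFile` writes all of `controller.CONF` to `defaults.yaml` through a plain `open(..., 'w')`, so the file's mode comes from the process umask and only the 0700 `hieradata` directory keeps it private. The plugin hunks in this commit show config keys such as `CONFIG_NOVA_DB_PW` and `CONFIG_AMQP_NSS_CERTDB_PW`, presumably in this same dict, so I would create the file owner-only explicitly: `fd = os.open(HIERA_DEFAULTS_YAML, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` followed by `with os.fdopen(fd, 'w') as outfile:`. `yaml.safe_dump` in place of `yaml.dump` would also raise on a non-plain value instead of emitting a `!!python/...` tag that a non-Python YAML reader cannot load. `os.mkdir` raises if the directory already exists, which matters if this function can run twice in one session; that is not visible from the hunk.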


@ -15,7 +15,8 @@ from packstack.installer import utils
from packstack.modules.common import filtered_hosts
from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile)
appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------
@ -219,7 +220,7 @@ def initSequences(controller):
def create_manifest(config, messages):
server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
config['CONFIG_AMQP_ENABLE_SSL'] = 'true'
config['CONFIG_AMQP_ENABLE_SSL'] = True
config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
if config['CONFIG_AMQP_SSL_SELF_SIGNED'] == 'y':
@ -234,10 +235,10 @@ def create_manifest(config, messages):
# Set default values
config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
config['CONFIG_AMQP_SSL_PORT'] = "5671"
config['CONFIG_AMQP_SSL_CERT_FILE'] = ""
config['CONFIG_AMQP_SSL_KEY_FILE'] = ""
config['CONFIG_AMQP_NSS_CERTDB_PW'] = ""
config['CONFIG_AMQP_ENABLE_SSL'] = 'false'
config['CONFIG_AMQP_SSL_CERT_FILE'] = ''
config['CONFIG_AMQP_SSL_KEY_FILE'] = ''
config['CONFIG_AMQP_NSS_CERTDB_PW'] = ''
config['CONFIG_AMQP_ENABLE_SSL'] = False
config['CONFIG_AMQP_PROTOCOL'] = 'tcp'
if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
@ -247,14 +248,17 @@ def create_manifest(config, messages):
manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
manifestdata = getManifestTemplate('amqp.pp')
fw_details = dict()
# All hosts should be able to talk to amqp
config['FIREWALL_SERVICE_NAME'] = "amqp"
config['FIREWALL_PORTS'] = "['5671', '5672']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in filtered_hosts(config, exclude=False):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "amqp_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
key = "amqp_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % host
fw_details[key]['service_name'] = "amqp"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5671', '5672']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_AMQP_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
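Review bot: The new `fw_details[key]['ports'] = ['5671', '5672']` allows both the TLS and the plaintext AMQP port from every host whichever branch ran above, so 5672 stays open in the firewall even when `CONFIG_AMQP_ENABLE_SSL` is on. The branches already set `config['CONFIG_AMQP_CLIENTS_PORT']` to "5671" or "5672", so the rule could use `fw_details[key]['ports'] = [config['CONFIG_AMQP_CLIENTS_PORT']]`, assuming no client still needs the other port, which the hunk does not show. `create_manifest` starts and ends outside these hunks.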


@ -13,7 +13,8 @@ from packstack.installer import validators
from packstack.installer import processors
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile)
appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------
@ -112,13 +113,17 @@ def create_manifest(config, messages):
manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
manifestdata += getManifestTemplate("ceilometer.pp")
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = 'ceilometer-api'
config['FIREWALL_SERVICE_ID'] = 'ceilometer_api'
config['FIREWALL_PORTS'] = "'8777'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "ceilometer_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ceilometer-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8777']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CEILOMETER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')
# Add a template that creates a group for nova because the ceilometer
# class needs it
if config['CONFIG_NOVA_INSTALL'] == 'n':
@ -129,11 +134,18 @@ def create_manifest(config, messages):
def create_mongodb_manifest(config, messages):
manifestfile = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST']
manifestdata = getManifestTemplate("mongodb.pp")
config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST']
config['FIREWALL_SERVICE_NAME'] = 'mongodb-server'
config['FIREWALL_PORTS'] = "'27017'"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "mongodb_server"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
fw_details[key]['service_name'] = "mongodb-server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['27017']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_MONGODB_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_MONGODB_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
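Review bot: The seven-line `fw_details` block added here is repeated almost verbatim in the amqp, cinder, glance, heat, keystone, mariadb, nagios, neutron and nova sections of this commit, which makes it easy for one copy to drift (a wrong chain, or an `ALL` source that was meant to be a single host). `fw_details.setdefault(key, {})` on a dict created one line earlier is just `fw_details[key] = {}`. A small helper next to `createFirewallResources` in ospluginutils, imported the same way, would reduce each call site to one expression; `firewallRule` below is a proposed name, not an existing function. Both functions in this section continue outside the hunks.

```python
def firewallRule(host, service_name, ports, chain='INPUT', proto='tcp'):
    """Return one packstack::firewall resource hash."""
    return {'host': host, 'service_name': service_name,
            'chain': chain, 'ports': ports, 'proto': proto}

# in create_manifest:
config['FIREWALL_CEILOMETER_RULES'] = {
    'ceilometer_api': firewallRule('ALL', 'ceilometer-api', ['8777']),
}
# … unchanged: createFirewallResources('FIREWALL_CEILOMETER_RULES') …
```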


@ -20,7 +20,8 @@ from packstack.installer import utils
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile)
appendManifestFile,
createFirewallResources)
from packstack.installer import exceptions
from packstack.installer import output_messages
@ -125,10 +126,10 @@ def initConfig(controller):
"domain:/vol-name "),
"PROMPT": ("Enter a single or comma separated list of gluster "
"volume shares to use with Cinder"),
"OPTION_LIST": ["^'([\d]{1,3}\.){3}[\d]{1,3}:/.*'",
"^'[a-zA-Z0-9][\-\.\w]*:/.*'"],
"OPTION_LIST": ["^([\d]{1,3}\.){3}[\d]{1,3}:/.*",
"^[a-zA-Z0-9][\-\.\w]*:/.*"],
"VALIDATORS": [validators.validate_multi_regexp],
"PROCESSORS": [processors.process_add_quotes_around_values],
"PROCESSORS": [],
"DEFAULT_VALUE": "",
"MASK_INPUT": False,
"LOOSE_VALIDATION": True,
@ -144,9 +145,9 @@ def initConfig(controller):
"mount, eg: ip-address:/export-name "),
"PROMPT": ("Enter a single or comma seprated list of NFS exports "
"to use with Cinder"),
"OPTION_LIST": ["^'([\d]{1,3}\.){3}[\d]{1,3}:/.*'"],
"OPTION_LIST": ["^([\d]{1,3}\.){3}[\d]{1,3}:/.*"],
"VALIDATORS": [validators.validate_multi_regexp],
"PROCESSORS": [processors.process_add_quotes_around_values],
"PROCESSORS": [],
"DEFAULT_VALUE": "",
"MASK_INPUT": False,
"LOOSE_VALIDATION": True,
@ -592,10 +593,16 @@ def initSequences(controller):
if config['CONFIG_CINDER_INSTALL'] != 'y':
return
config['CONFIG_CINDER_BACKEND'] = str(
config['CONFIG_CINDER_BACKEND'] = (
[i.strip() for i in config['CONFIG_CINDER_BACKEND'].split(',') if i]
)
for key in ('CONFIG_CINDER_NETAPP_VOLUME_LIST',
'CONFIG_CINDER_GLUSTER_MOUNTS',
'CONFIG_CINDER_NFS_MOUNTS'):
if key in config:
config[key] = [i.strip() for i in config[key].split(',') if i]
cinder_steps = [
{'title': 'Adding Cinder Keystone manifest entries',
'functions': [create_keystone_manifest]},
@ -711,8 +718,7 @@ def create_manifest(config, messages):
manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("cinder.pp")
backends = config['CONFIG_CINDER_BACKEND'].strip('[]')
backends = [i.strip('\' ') for i in backends.split(',')]
backends = config['CONFIG_CINDER_BACKEND']
if 'netapp' in backends:
backends.remove('netapp')
puppet_cdot_iscsi = "cinder_netapp_cdot_iscsi.pp"
@ -740,24 +746,36 @@ def create_manifest(config, messages):
if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "['3260']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
fw_details = dict()
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
config['CONFIG_VMWARE_BACKEND'] == 'n'):
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
else:
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
manifestdata += getManifestTemplate("firewall.pp")
key = "cinder_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % host
else:
key = "cinder_all"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "cinder"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['3260']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_RULES')
# cinder API should be open for everyone
config['FIREWALL_SERVICE_NAME'] = "cinder-api"
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_API"
config['FIREWALL_PORTS'] = "['8776']"
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "cinder_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "cinder-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8776']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_API_RULES')
appendManifestFile(manifestfile, manifestdata)
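Review bot: The iSCSI rule now iterates `split_hosts(config['CONFIG_COMPUTE_HOSTS'])` before testing `CONFIG_NOVA_INSTALL`, so with Nova not installed the result depends on a key the old code never read in that case. A missing key raises `KeyError`, and an empty host list leaves `FIREWALL_CINDER_RULES` as `{}` with no port 3260 rule, where the old code opened it to `ALL`. Indentation is lost on this page, so I cannot tell whether the `service_name`/`chain`/`ports`/`proto` lines sit inside the loop; if they follow it, an empty list also leaves `key` unbound. Choosing the source list first and then building the rules keeps both cases explicit. `create_manifest` starts and ends outside the hunk.

```python
fw_details = dict()
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
        config['CONFIG_VMWARE_BACKEND'] == 'n'):
    sources = [("cinder_%s" % h, "%s" % h)
               for h in split_hosts(config['CONFIG_COMPUTE_HOSTS'])]
else:
    sources = [("cinder_all", "ALL")]
for key, allowed in sources:
    fw_details[key] = {
        'host': allowed,
        'service_name': "cinder",
        'chain': "INPUT",
        'ports': ['3260'],
        'proto': "tcp",
    }
config['FIREWALL_CINDER_RULES'] = fw_details
# … unchanged: createFirewallResources('FIREWALL_CINDER_RULES') and the cinder-api rule …
```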


@ -123,11 +123,11 @@ def create_manifest(config, messages):
manifestfile = "%s_horizon.pp" % horizon_host
proto = "http"
config["CONFIG_HORIZON_PORT"] = "'80'"
config["CONFIG_HORIZON_PORT"] = 80
sslmanifestdata = ''
if config["CONFIG_HORIZON_SSL"] == 'y':
config["CONFIG_HORIZON_SSL"] = 'true'
config["CONFIG_HORIZON_PORT"] = "'443'"
config["CONFIG_HORIZON_SSL"] = True
config["CONFIG_HORIZON_PORT"] = 443
proto = "https"
# Are we using the users cert/key files
@ -160,16 +160,16 @@ def create_manifest(config, messages):
"/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert."
% (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host))
else:
config["CONFIG_HORIZON_SSL"] = 'false'
config["CONFIG_HORIZON_SSL"] = False
config["CONFIG_HORIZON_NEUTRON_LB"] = 'false'
config["CONFIG_HORIZON_NEUTRON_FW"] = 'false'
config["CONFIG_HORIZON_NEUTRON_LB"] = False
config["CONFIG_HORIZON_NEUTRON_FW"] = False
if config['CONFIG_NEUTRON_INSTALL'] == 'y':
if config["CONFIG_LBAAS_INSTALL"] == 'y':
config["CONFIG_HORIZON_NEUTRON_LB"] = 'true'
config["CONFIG_HORIZON_NEUTRON_LB"] = True
if config["CONFIG_NEUTRON_FWAAS"] == 'y':
config["CONFIG_HORIZON_NEUTRON_FW"] = 'true'
config["CONFIG_HORIZON_NEUTRON_FW"] = True
manifestdata = getManifestTemplate("horizon.pp")
appendManifestFile(manifestfile, manifestdata)


@ -15,7 +15,8 @@ from packstack.installer.utils import split_hosts
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile)
appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------
@ -126,15 +127,15 @@ def create_manifest(config, messages):
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
manifestdata += getManifestTemplate(
'glance_%s.pp' % config['CONFIG_GLANCE_BACKEND'])
config['FIREWALL_SERVICE_NAME'] = "glance"
config['FIREWALL_PORTS'] = "'9292'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "glance_API"
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "glance_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "glance"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9292']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_GLANCE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
appendManifestFile(manifestfile, manifestdata)


@ -15,7 +15,8 @@ from packstack.installer import processors
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (getManifestTemplate,
manifestfiles,
appendManifestFile)
appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------
@ -193,13 +194,18 @@ def create_manifest(config, messages):
manifestdata += getManifestTemplate("heat.pp")
if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
manifestdata += getManifestTemplate("heat_trusts.pp")
config['FIREWALL_SERVICE_NAME'] = "heat"
config['FIREWALL_PORTS'] = "'8004'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "heat"
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "heat"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "heat"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8004']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_RULES')
appendManifestFile(manifestfile, manifestdata)
@ -217,13 +223,18 @@ def create_cloudwatch_manifest(config, messages):
manifestfile = "%s_heatcw.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cloudwatch.pp")
config['FIREWALL_SERVICE_NAME'] = "heat api cloudwatch"
config['FIREWALL_PORTS'] = "'8003'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "heat_api_cloudwatch"
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "heat_api_cloudwatch"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "heat api cloudwatch"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8003']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_CLOUDWATCH_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_CLOUDWATCH_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')
@ -231,11 +242,16 @@ def create_cfn_manifest(config, messages):
manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cfn.pp")
config['FIREWALL_SERVICE_NAME'] = "heat_cfn"
config['FIREWALL_PORTS'] = "'8000'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "heat_cfn"
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "heat_cfn"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "heat cfn"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8000']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_CFN_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_CFN_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')


@ -13,7 +13,8 @@ from packstack.installer import basedefs
from packstack.installer import utils
from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile)
appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------
@ -142,12 +143,15 @@ def create_manifest(config, messages):
manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("keystone.pp")
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "keystone"
config['FIREWALL_SERVICE_ID'] = "keystone"
config['FIREWALL_PORTS'] = "['5000', '35357']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "keystone"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "keystone"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5000', '35357']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_KEYSTONE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_KEYSTONE_RULES')
appendManifestFile(manifestfile, manifestdata)
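Review bot: `fw_details[key]['ports'] = ['5000', '35357']` with `host` set to `ALL` keeps the Keystone admin port open to any source alongside the public one. Now that each rule is its own hash entry, 35357 could get a separate entry per deployment host, the way the amqp and mariadb sections build one rule per `filtered_hosts(...)` result, leaving only 5000 on `ALL`; this file would then need to import `filtered_hosts`. Whether clients outside the deployment are expected to reach the admin endpoint is not visible here, so this is a question about the deployment model rather than a confirmed defect.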


@ -14,7 +14,8 @@ from packstack.installer.utils import split_hosts
from packstack.modules.common import filtered_hosts
from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile)
appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------
@ -114,13 +115,16 @@ def create_manifest(config, messages):
hosts = filtered_hosts(config, exclude=False, dbhost=True)
config['FIREWALL_SERVICE_NAME'] = "mariadb"
config['FIREWALL_PORTS'] = "'3306'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
fw_details = dict()
for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "mariadb_%s" % host
manifestdata.append(getManifestTemplate("firewall.pp"))
key = "mariadb_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % host
fw_details[key]['service_name'] = "mariadb"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['3306']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_MARIADB_RULES'] = fw_details
manifestdata.append(createFirewallResources('FIREWALL_MARIADB_RULES'))
appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')


@ -14,7 +14,8 @@ from packstack.installer import utils
from packstack.modules.common import filtered_hosts
from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile)
appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------
@ -185,14 +186,19 @@ def create_nrpe_manifests(config, messages):
config['CONFIG_NRPE_HOST'] = hostname
manifestfile = "%s_nagios_nrpe.pp" % hostname
manifestdata = getManifestTemplate("nagios_nrpe.pp")
# Only the Nagios host is allowed to talk to nrpe
config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST']
config['FIREWALL_SERVICE_NAME'] = "nagios-nrpe"
config['FIREWALL_SERVICE_ID'] = "nagios_nrpe"
config['FIREWALL_PORTS'] = '5666'
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "nagios_nrpe"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
fw_details[key]['service_name'] = "nagios-nrpe"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5666']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NAGIOS_NRPE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_NAGIOS_NRPE_RULES')
appendManifestFile(manifestfile, manifestdata)
messages.append("To use Nagios, browse to "


@ -19,7 +19,8 @@ from packstack.installer.utils import split_hosts
from packstack.modules.common import filtered_hosts
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile)
appendManifestFile,
createFirewallResources)
#------------------ oVirt installer initialization ------------------
@ -569,9 +570,12 @@ def initSequences(controller):
'CONFIG_NEUTRON_ML2_VLAN_RANGES',
'CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES',
'CONFIG_NEUTRON_ML2_VNI_RANGES'):
config[key] = str([i.strip() for i in config[key].split(',') if i])
if config[key] == '':
config[key] = []
else:
config[key] = [i.strip() for i in config[key].split(',') if i]
key = 'CONFIG_NEUTRON_ML2_VXLAN_GROUP'
config[key] = "'%s'" % config[key] if config[key] else 'undef'
config[key] = "%s" % config[key] if config[key] else ''
config['CONFIG_NEUTRON_L2_DBNAME'] = plugin_db
config['CONFIG_NEUTRON_CORE_PLUGIN'] = plugin_path
@ -702,8 +706,7 @@ def get_agent_type(config):
# "vlan,gre" or "vlan,vxlan" so that VLANs are used if available,
# but tunnels are used if not.
tenant_types = config.get('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES',
"['local']").strip('[]')
tenant_types = [i.strip('"\'') for i in tenant_types.split(',')]
"local")
for i in ['gre', 'vxlan', 'vlan']:
if i in tenant_types:
@ -737,7 +740,7 @@ def create_manifests(config, messages):
'neutron.services.firewall.fwaas_plugin.FirewallPlugin'
)
config['SERVICE_PLUGINS'] = (str(service_plugins) if service_plugins
config['SERVICE_PLUGINS'] = (service_plugins if service_plugins
else 'undef')
if config['CONFIG_NEUTRON_L2_PLUGIN'] == 'openvswitch':
@ -765,33 +768,44 @@ def create_manifests(config, messages):
# XXX I am not completely sure about this, but it seems necessary:
manifest_data += getManifestTemplate(plugin_manifest)
#Firewall
config['FIREWALL_SERVICE_NAME'] = "neutron server"
config['FIREWALL_PORTS'] = "'9696'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s"
% (host))
manifest_data += getManifestTemplate("firewall.pp")
# Firewall
fw_details = dict()
key = "neutron_server_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9696']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_SERVER_RULES'
)
appendManifestFile(manifest_file, manifest_data, 'neutron')
# We also need to open VXLAN/GRE port for agent
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
fw_details = dict()
key = "neutron_tunnel"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron tunnel port"
fw_details[key]['chain'] = "INPUT"
if use_openvswitch_vxlan(config):
config['FIREWALL_PROTOCOL'] = 'udp'
tunnel_port = ("'%s'"
% config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'])
fw_details[key]['proto'] = 'udp'
tun_port = "%s" % config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT']
else:
config['FIREWALL_PROTOCOL'] = 'gre'
tunnel_port = 'undef'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "neutron tunnel port"
config['FIREWALL_SERVICE_ID'] = ("neutron_tunnel")
config['FIREWALL_PORTS'] = tunnel_port
config['FIREWALL_CHAIN'] = "INPUT"
manifest_data = getManifestTemplate('firewall.pp')
fw_details[key]['proto'] = 'gre'
tun_port = 'undef'
fw_details[key]['ports'] = tun_port
config['FIREWALL_NEUTRON_TUNNEL_RULES'] = fw_details
manifest_data = createFirewallResources(
'FIREWALL_NEUTRON_TUNNEL_RULES'
)
appendManifestFile(manifest_file, manifest_data, 'neutron')
@ -839,21 +853,32 @@ def create_dhcp_manifests(config, messages):
manifest_data = getManifestTemplate("neutron_dhcp.pp")
manifest_file = "%s_neutron.pp" % (host,)
# Firewall Rules for dhcp in
config['FIREWALL_PROTOCOL'] = 'udp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in: "
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_in_%s" % host
config['FIREWALL_PORTS'] = "'67'"
config['FIREWALL_CHAIN'] = "INPUT"
manifest_data += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "neutron_dhcp_in_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron dhcp in"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['67']
fw_details[key]['proto'] = "udp"
config['FIREWALL_NEUTRON_DHCPIN_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_DHCPIN_RULES'
)
# Firewall Rules for dhcp out
config['FIREWALL_PROTOCOL'] = 'udp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out: "
config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_out_%s" % host
config['FIREWALL_PORTS'] = "'68'"
config['FIREWALL_CHAIN'] = "OUTPUT"
manifest_data += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "neutron_dhcp_out_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron dhcp out"
fw_details[key]['chain'] = "OUTPUT"
fw_details[key]['ports'] = ['68']
fw_details[key]['proto'] = "udp"
config['FIREWALL_NEUTRON_DHCPOUT_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_DHCPOUT_RULES'
)
appendManifestFile(manifest_file, manifest_data, 'neutron')
@ -895,12 +920,11 @@ def create_l2_agent_manifests(config, messages):
# for other plugin template generation
if ('l2population' in
config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])):
config['CONFIG_NEUTRON_USE_L2POPULATION'] = 'true'
config['CONFIG_NEUTRON_USE_L2POPULATION'] = True
else:
config['CONFIG_NEUTRON_USE_L2POPULATION'] = 'false'
config['CONFIG_NEUTRON_USE_L2POPULATION'] = False
if agent == "openvswitch":
host_var = 'CONFIG_NEUTRON_OVS_HOST'
if plugin == agent:
# monolithic plugin installation
ovs_type = 'CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'
@ -919,7 +943,7 @@ def create_l2_agent_manifests(config, messages):
# expects this parameter to be an array, this parameter must be
# properly formatted by packstack, then consumed by the puppet module.
# For example, the input string 'A, B' should formatted as '['A','B']'.
config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = str(bm_arr)
config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr
elif agent == "linuxbridge":
host_var = 'CONFIG_NEUTRON_LB_HOST'
template_name = 'neutron_lb_agent.pp'
@ -927,9 +951,9 @@ def create_l2_agent_manifests(config, messages):
raise KeyError("Unknown layer2 agent")
for host in network_hosts | compute_hosts:
config[host_var] = host
manifestfile = "%s_neutron.pp" % (host,)
manifestdata = getManifestTemplate(template_name)
manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host
manifestdata += getManifestTemplate(template_name)
appendManifestFile(manifestfile, manifestdata + "\n")
# neutron ovs port only on network hosts
if (
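Review bot: In the GRE branch `tun_port = 'undef'` now lands in `fw_details[key]['ports']` and travels through YAML and `hiera()`, where it is the five-character string `undef` rather than the bare Puppet `undef` that the old template interpolation produced. Unless `packstack::firewall` special-cases that string (not visible here), the tunnel rule would be declared with a literal port called undef. Setting `fw_details[key]['ports'] = tun_port` only inside the VXLAN branch and leaving the key out for GRE would let the defined type's own default apply, if it has one. The same string is used for `config['SERVICE_PLUGINS']` in this file and for `CONFIG_NEUTRON_METADATA_PW_UNQUOTED` in the nova section. The functions involved extend beyond the hunks shown.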


@ -15,7 +15,8 @@ from packstack.installer.exceptions import ScriptRuntimeError
from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import (NovaConfig, getManifestTemplate,
appendManifestFile, manifestfiles)
appendManifestFile, manifestfiles,
createFirewallResources)
#------------------ oVirt installer initialization ------------------
@ -427,16 +428,21 @@ def create_api_manifest(config, messages):
config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = 'undef'
else:
config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = \
"'%s'" % config['CONFIG_NEUTRON_METADATA_PW']
"%s" % config['CONFIG_NEUTRON_METADATA_PW']
manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("nova_api.pp")
config['FIREWALL_SERVICE_NAME'] = "nova api"
config['FIREWALL_PORTS'] = "['8773', '8774', '8775']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "nova_api"
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "nova_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "nova api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8773', '8774', '8775']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NOVA_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_NOVA_API_RULES')
appendManifestFile(manifestfile, manifestdata, 'novaapi')
@ -473,6 +479,8 @@ def create_compute_manifest(config, messages):
)
ssh_hostkeys = ''
ssh_keys_details = {}
for host in compute_hosts:
try:
hostname, aliases, addrs = socket.gethostbyaddr(host)
@ -485,27 +493,33 @@ def create_compute_manifest(config, messages):
continue
_, host_key_type, host_key_data = hostkey.split()
config['SSH_HOST_NAME'] = hostname
config['SSH_HOST_ALIASES'] = ','.join(
'"%s"' % addr for addr in aliases + addrs
)
config['SSH_HOST_KEY'] = host_key_data
config['SSH_HOST_KEY_TYPE'] = host_key_type
ssh_hostkeys += getManifestTemplate("sshkey.pp")
key = "%s.%s" % (host_key_type, hostname)
ssh_keys_details.setdefault(key, {})
ssh_keys_details[key]['ensure'] = 'present'
ssh_keys_details[key]['host_aliases'] = aliases + addrs
ssh_keys_details[key]['key'] = host_key_data
ssh_keys_details[key]['type'] = host_key_type
config['SSH_KEYS'] = ssh_keys_details
ssh_hostkeys += getManifestTemplate("sshkey.pp")
for host in compute_hosts:
config["CONFIG_NOVA_COMPUTE_HOST"] = host
manifestdata = getManifestTemplate("nova_compute.pp")
fw_details = dict()
cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
for c_host in compute_hosts:
config['FIREWALL_SERVICE_NAME'] = "nova qemu migration"
config['FIREWALL_PORTS'] = ['16509', '49152-49215']
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'%s'" % c_host
config['FIREWALL_SERVICE_ID'] = ("nova_qemu_migration_%s_%s"
% (host, c_host))
manifestdata += getManifestTemplate("firewall.pp")
key = "nova_qemu_migration_%s_%s" % (host, c_host)
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % c_host
fw_details[key]['service_name'] = "nova qemu migration"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['16509', '49152-49215']
fw_details[key]['proto'] = "tcp"
config[cf_fw_qemu_mig_key] = fw_details
manifestdata += createFirewallResources(cf_fw_qemu_mig_key)
if config['CONFIG_VMWARE_BACKEND'] == 'y':
manifestdata += getManifestTemplate("nova_compute_vmware.pp")
@ -540,14 +554,19 @@ def create_compute_manifest(config, messages):
manifestdata += getManifestTemplate(mq_template)
manifestdata += getManifestTemplate("nova_ceilometer.pp")
config['FIREWALL_PORTS'] = ['5900-5999']
config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST']
config['FIREWALL_SERVICE_NAME'] = "nova compute"
config['FIREWALL_SERVICE_ID'] = "nova_compute"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "nova_compute"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
fw_details[key]['service_name'] = "nova compute"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5900-5999']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
manifestdata += "\n" + createFirewallResources(
'FIREWALL_NOVA_COMPUTE_RULES'
)
manifestdata += "\n" + nova_config_options.getManifestEntry()
manifestdata += "\n" + ssh_hostkeys
appendManifestFile(manifestfile, manifestdata)
@ -617,6 +636,7 @@ def create_common_manifest(config, messages):
dbacces_hosts |= network_hosts
for manifestfile, marker in manifestfiles.getFiles():
pw_in_sqlconn = False
if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1)
host = host.strip()
@ -625,10 +645,17 @@ def create_common_manifest(config, messages):
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
pw_in_sqlconn = False
else:
perms = "nova:%(CONFIG_NOVA_DB_PW)s"
sqlconn = "mysql://%s@%%(CONFIG_MARIADB_HOST)s/nova" % perms
config['CONFIG_NOVA_SQL_CONN'] = sqlconn % config
perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
pw_in_sqlconn = True
sqlconn = "mysql://%s@%s/nova" % (perms,
config['CONFIG_MARIADB_HOST'])
if pw_in_sqlconn:
config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
else:
config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn
# for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host
@ -640,7 +667,10 @@ def create_common_manifest(config, messages):
config['CONFIG_NOVA_METADATA_HOST'] = metadata
data = getManifestTemplate(get_mq(config, "nova_common"))
data += getManifestTemplate("nova_common.pp")
if pw_in_sqlconn:
data += getManifestTemplate("nova_common_pw.pp")
else:
data += getManifestTemplate("nova_common_nopw.pp")
appendManifestFile(os.path.split(manifestfile)[1], data)


@ -62,7 +62,7 @@ def create_manifest(config, messages):
no_root_allinone = (client_host == utils.get_localhost_ip() and
root_home != homedir)
config['NO_ROOT_USER_ALLINONE'] = no_root_allinone and 'true' or 'false'
config['NO_ROOT_USER_ALLINONE'] = no_root_allinone and True or False
manifestdata = getManifestTemplate("openstack_client.pp")
appendManifestFile(manifestfile, manifestdata)
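Review bot: `no_root_allinone and True or False` applies the old and/or conditional idiom to a value that is already the boolean result of two comparisons, so the new line can simply be `config['NO_ROOT_USER_ALLINONE'] = no_root_allinone`. The same pattern appears in the prescript plugin, where `config[key] = config[key] == 'y'` would do, and in `marshall_conf_bool`, whose if/else collapses to `conf[key] = conf[key] == 'y'`. Because these keys change from the strings 'true'/'false' to Python booleans, any template that still interpolates them with `%(KEY)s` would render `True`/`False`, which is not a Puppet boolean literal; worth confirming that no such template remains. create_manifest starts outside the hunk.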


@ -666,7 +666,7 @@ def discover(config, messages):
def create_manifest(config, messages):
key = 'CONFIG_DEBUG_MODE'
config[key] = config[key] == 'y' and 'true' or 'false'
config[key] = config[key] == 'y' and True or False
for hostname in filtered_hosts(config):
manifestfile = "%s_prescript.pp" % hostname


@ -246,9 +246,9 @@ def initSequences(controller):
def marshall_conf_bool(conf, key):
if conf[key] == 'y':
conf[key] = 'true'
conf[key] = True
else:
conf[key] = 'false'
conf[key] = False
def using_heat(config):


@ -15,7 +15,8 @@ from packstack.installer import basedefs, output_messages
from packstack.installer.exceptions import ScriptRuntimeError, PuppetError
from packstack.modules.common import filtered_hosts
from packstack.modules.ospluginutils import manifestfiles
from packstack.modules.ospluginutils import (manifestfiles,
generateHieraDataFile)
from packstack.modules.puppet import scan_logfile, validate_logfile
@ -129,7 +130,7 @@ def run_cleanup(config, messages):
def install_deps(config, messages):
deps = ["puppet", "openssh-clients", "tar", "nc"]
deps = ["puppet", "hiera", "openssh-clients", "tar", "nc"]
modules_pkg = 'openstack-puppet-modules'
local = utils.ScriptRunner()
@ -157,6 +158,18 @@ def install_deps(config, messages):
# yum does not fail if one of the packages is missing
for package in deps:
server.append("rpm -q --whatprovides %s" % (package))
# To avoid warning messages such as
# "Warning: Config file /etc/puppet/hiera.yaml not found, using Hiera
# defaults". We create a symbolic link to /etc/hiera.yaml.
server.append('[[ ! -L /etc/puppet/hiera.yaml ]] && '
'ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml || '
'echo "hiera.yaml symlink already created"')
server.append("sed -i 's;:datadir:.*;:datadir: "
"%s/hieradata;g' /etc/puppet/hiera.yaml"
% config['HOST_DETAILS'][hostname]['tmpdir'])
server.execute()
@ -170,12 +183,21 @@ def copy_puppet_modules(config, messages):
'vcsrepo', 'vlan', 'vswitch', 'xinetd',
'openstacklib'))
# write puppet manifest to disk
# write puppet manifest to disk
manifestfiles.writeManifests()
# write hieradata file to disk
generateHieraDataFile()
server = utils.ScriptRunner()
for hostname in filtered_hosts(config):
host_dir = config['HOST_DETAILS'][hostname]['tmpdir']
# copy hiera defaults.yaml file
server.append("cd %s" % basedefs.HIERADATA_DIR)
server.append("tar --dereference -cpzf - ../hieradata | "
"ssh -o StrictHostKeyChecking=no "
"-o UserKnownHostsFile=/dev/null "
"root@%s tar -C %s -xpzf -" % (hostname, host_dir))
# copy Packstack manifests
server.append("cd %s/puppet" % basedefs.DIR_PROJECT_DIR)
server.append("cd %s" % basedefs.PUPPET_MANIFEST_DIR)
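Review bot: The new tar pipe in copy_puppet_modules ships the whole hieradata directory to every host in `filtered_hosts(config)`, and defaults.yaml is a dump of the full configuration, so each node receives every service and database password rather than only the values its own manifests look up. That undoes the separation the nova plugin keeps when it builds a password-free connection string for compute-only hosts. Consider writing one YAML file per host restricted to the keys that host's manifests reference, and at minimum record the exposure next to the call: `# defaults.yaml holds every CONFIG_* value, including passwords; it is copied to all hosts`. The transfer also runs with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, so the receiving host is not authenticated before the secrets are sent. Both install_deps and copy_puppet_modules start outside their hunks.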


@ -18,7 +18,8 @@ from packstack.installer import utils
from packstack.installer.utils import split_hosts
from packstack.modules.ospluginutils import (getManifestTemplate,
appendManifestFile, manifestfiles)
appendManifestFile, manifestfiles,
createFirewallResources)
#------------------ oVirt installer initialization ------------------
@ -287,13 +288,18 @@ def create_builder_manifest(config, messages):
def create_proxy_manifest(config, messages):
manifestfile = "%s_swift.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("swift_proxy.pp")
config['FIREWALL_SERVICE_NAME'] = "swift proxy"
config['FIREWALL_PORTS'] = "'8080'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "swift_proxy"
manifestdata += getManifestTemplate("firewall.pp")
fw_details = dict()
key = "swift_proxy"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "swift proxy"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8080']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_SWIFT_PROXY_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_SWIFT_PROXY_RULES')
appendManifestFile(manifestfile, manifestdata)
@ -324,15 +330,18 @@ def create_storage_manifest(config, messages):
if config['CONFIG_NOVA_INSTALL'] == 'y':
hosts |= split_hosts(config['CONFIG_COMPUTE_HOSTS'])
config['FIREWALL_SERVICE_NAME'] = "swift storage and rsync"
config['FIREWALL_PORTS'] = "['6000', '6001', '6002', '873']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
fw_details = dict()
for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "swift_storage_and_rsync_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
key = "swift_storage_and_rsync_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % host
fw_details[key]['service_name'] = "swift storage and rsync"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['6000', '6001', '6002', '873']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_SWIFT_STORAGE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_SWIFT_STORAGE_RULES')
appendManifestFile(manifestfile, manifestdata)
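Review bot: Each rule is assembled with `fw_details.setdefault(key, {})` followed by five item assignments on a dict that was created empty a line or two earlier, which is harder to read than a literal. In create_proxy_manifest this can be `fw_details = {'swift_proxy': {'host': 'ALL', 'service_name': 'swift proxy', 'chain': 'INPUT', 'ports': ['8080'], 'proto': 'tcp'}}`, and in the create_storage_manifest loop a single `fw_details[key] = {...}` with `'host': host` in place of `"%s" % host`, assuming host is already a string. The nova plugin builds its rules the same way. Both functions continue outside their hunks.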


@ -1,42 +1,43 @@
$amqp = '%(CONFIG_AMQP_BACKEND)s'
$amqp = hiera('CONFIG_AMQP_BACKEND')
case $amqp {
'qpid': {
enable_qpid {"qpid":
enable_ssl => %(CONFIG_AMQP_ENABLE_SSL)s,
enable_auth => '%(CONFIG_AMQP_ENABLE_AUTH)s',
enable_qpid { 'qpid':
enable_ssl => hiera('CONFIG_AMQP_ENABLE_SSL'),
enable_auth => hiera('CONFIG_AMQP_ENABLE_AUTH'),
}
}
'rabbitmq': {
enable_rabbitmq {"rabbitmq":}
enable_rabbitmq { 'rabbitmq': }
}
default: {}
}
define enable_rabbitmq {
package { "erlang":
ensure => "installed"
package { 'erlang':
ensure => 'installed',
}
class {"rabbitmq":
port => '%(CONFIG_AMQP_CLIENTS_PORT)s',
ssl_management_port => '%(CONFIG_AMQP_SSL_PORT)s',
ssl => %(CONFIG_AMQP_ENABLE_SSL)s,
ssl_cert => '%(CONFIG_AMQP_SSL_CERT_FILE)s',
ssl_key => '%(CONFIG_AMQP_SSL_KEY_FILE)s',
default_user => '%(CONFIG_AMQP_AUTH_USER)s',
default_pass => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
package_provider => 'yum',
admin_enable => false,
class { 'rabbitmq':
port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
ssl_management_port => hiera('CONFIG_AMQP_SSL_PORT'),
ssl => hiera('CONFIG_AMQP_ENABLE_SSL'),
ssl_cert => hiera('CONFIG_AMQP_SSL_CERT_FILE'),
ssl_key => hiera('CONFIG_AMQP_SSL_KEY_FILE'),
default_user => hiera('CONFIG_AMQP_AUTH_USER'),
default_pass => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
package_provider => 'yum',
admin_enable => false,
}
Package['erlang']->Class['rabbitmq']
Package['erlang'] -> Class['rabbitmq']
}
define enable_qpid($enable_ssl = 'n', $enable_auth = 'n') {
case $::operatingsystem {
'Fedora': {
if (is_integer($::operatingsystemrelease) and $::operatingsystemrelease >= 20) or $::operatingsystemrelease == "Rawhide" {
if (is_integer($::operatingsystemrelease) and $::operatingsystemrelease >= 20) or $::operatingsystemrelease == 'Rawhide' {
$config = '/etc/qpid/qpidd.conf'
} else {
$config = '/etc/qpidd.conf'
@ -56,18 +57,18 @@ define enable_qpid($enable_ssl = 'n', $enable_auth = 'n') {
}
}
class {"qpid::server":
config_file => $config,
auth => $enable_auth ? {
'y' => 'yes',
default => 'no',
},
clustered => false,
ssl_port => '%(CONFIG_AMQP_SSL_PORT)s',
ssl => %(CONFIG_AMQP_ENABLE_SSL)s,
ssl_cert => '%(CONFIG_AMQP_SSL_CERT_FILE)s',
ssl_key => '%(CONFIG_AMQP_SSL_KEY_FILE)s',
ssl_database_password => '%(CONFIG_AMQP_NSS_CERTDB_PW)s',
class { 'qpid::server':
config_file => $config,
auth => $enable_auth ? {
'y' => 'yes',
default => 'no',
},
clustered => false,
ssl_port => hiera('CONFIG_AMQP_SSL_PORT'),
ssl => hiera('CONFIG_AMQP_ENABLE_SSL'),
ssl_cert => hiera('CONFIG_AMQP_SSL_CERT_FILE'),
ssl_key => hiera('CONFIG_AMQP_SSL_KEY_FILE'),
ssl_database_password => hiera('CONFIG_AMQP_NSS_CERTDB_PW'),
}
if $enable_ssl {
@ -82,25 +83,27 @@ define enable_qpid($enable_ssl = 'n', $enable_auth = 'n') {
}
if $enable_auth == 'y' {
add_qpid_user {"qpid_user":}
add_qpid_user { 'qpid_user': }
}
}
define add_qpid_user {
qpid_user { '%(CONFIG_AMQP_AUTH_USER)s':
password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
file => '/var/lib/qpidd/qpidd.sasldb',
realm => 'QPID',
provider => 'saslpasswd2',
require => Class['qpid::server'],
$config_amqp_auth_user = hiera('CONFIG_AMQP_AUTH_USER')
qpid_user { $config_amqp_auth_user:
password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
file => '/var/lib/qpidd/qpidd.sasldb',
realm => 'QPID',
provider => 'saslpasswd2',
require => Class['qpid::server'],
}
file { 'sasldb_file':
path => '/var/lib/qpidd/qpidd.sasldb',
ensure => file,
owner => 'qpidd',
group => 'qpidd',
ensure => file,
path => '/var/lib/qpidd/qpidd.sasldb',
owner => 'qpidd',
group => 'qpidd',
require => Package['qpid-cpp-server'],
}
}
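Review bot: `enable_ssl => hiera('CONFIG_AMQP_ENABLE_SSL')` now takes its type from defaults.yaml, whereas the old unquoted `%(CONFIG_AMQP_ENABLE_SSL)s` was parsed by Puppet as a literal. enable_qpid later tests `if $enable_ssl`, and a non-empty string such as 'false' (or the parameter's own default 'n') evaluates as true there, so the SSL branch would follow the value's type rather than its meaning. Worth confirming that the Python side stores this key as a real boolean, and changing the default to `$enable_ssl = false` so the test reads the same for every caller. The body of enable_qpid is only partly visible in these hunks.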


@ -1,28 +1,28 @@
$config_mongodb_host = hiera('CONFIG_MONGODB_HOST')
class { 'ceilometer::db':
database_connection => 'mongodb://%(CONFIG_MONGODB_HOST)s:27017/ceilometer',
database_connection => "mongodb://${config_mongodb_host}:27017/ceilometer",
}
class { 'ceilometer::collector':
}
class { 'ceilometer::collector': }
class { 'ceilometer::agent::notification':
}
class { 'ceilometer::agent::notification': }
$config_controller_host = hiera('CONFIG_CONTROLLER_HOST')
class { 'ceilometer::agent::auth':
auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0',
auth_password => '%(CONFIG_CEILOMETER_KS_PW)s',
auth_url => "http://${config_controller_host}:35357/v2.0",
auth_password => hiera('CONFIG_CEILOMETER_KS_PW'),
}
class { 'ceilometer::agent::central':
}
class { 'ceilometer::agent::central': }
class { 'ceilometer::alarm::notifier':
}
class { 'ceilometer::alarm::notifier':}
class { 'ceilometer::alarm::evaluator':
}
class { 'ceilometer::alarm::evaluator':}
class { 'ceilometer::api':
keystone_host => '%(CONFIG_CONTROLLER_HOST)s',
keystone_password => '%(CONFIG_CEILOMETER_KS_PW)s',
keystone_host => hiera('CONFIG_CONTROLLER_HOST'),
keystone_password => hiera('CONFIG_CEILOMETER_KS_PW'),
}


@ -1,5 +1,5 @@
group { "nova":
ensure => present,
group { 'nova':
ensure => present,
}
Group['nova'] -> Class['ceilometer']


@ -1,11 +1,11 @@
class { 'ceilometer':
metering_secret => '%(CONFIG_CEILOMETER_SECRET)s',
qpid_hostname => '%(CONFIG_AMQP_HOST)s',
qpid_username => '%(CONFIG_AMQP_AUTH_USER)s',
qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
rpc_backend => 'ceilometer.openstack.common.rpc.impl_qpid',
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s',
qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s'
metering_secret => hiera('CONFIG_CEILOMETER_SECRET'),
qpid_hostname => hiera('CONFIG_AMQP_HOST'),
qpid_username => hiera('CONFIG_AMQP_AUTH_USER'),
qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
rpc_backend => 'ceilometer.openstack.common.rpc.impl_qpid',
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'),
}


@ -1,9 +1,9 @@
class { 'ceilometer':
metering_secret => '%(CONFIG_CEILOMETER_SECRET)s',
rabbit_host => '%(CONFIG_AMQP_HOST)s',
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s',
rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s',
rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
metering_secret => hiera('CONFIG_CEILOMETER_SECRET'),
rabbit_host => hiera('CONFIG_AMQP_HOST'),
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
}


@ -1,7 +1,10 @@
$cfg_ntp_server_def = hiera('CONFIG_NTP_SERVER_DEF')
$cfg_ntp_servers = hiera('CONFIG_NTP_SERVERS')
$config_content = "
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
%(CONFIG_NTP_SERVER_DEF)s
${cfg_ntp_server_def}
# Ignore stratum in source selection.
stratumweight 0
@ -44,38 +47,43 @@ logdir /var/log/chrony
#log measurements statistics tracking
"
package {'chrony':
ensure => 'installed',
name => 'chrony',
package { 'chrony':
ensure => 'installed',
name => 'chrony',
}
package {'ntpdate':
ensure => 'installed',
name => 'ntpdate',
package { 'ntpdate':
ensure => 'installed',
name => 'ntpdate',
}
file {'chrony_conf':
path => '/etc/chrony.conf',
ensure => file,
mode => '0644',
content => $config_content,
file { 'chrony_conf':
ensure => file,
path => '/etc/chrony.conf',
mode => '0644',
content => $config_content,
}
exec {'stop-chronyd':
command => '/usr/bin/systemctl stop chronyd.service',
exec { 'stop-chronyd':
command => '/usr/bin/systemctl stop chronyd.service',
}
exec {'ntpdate':
command => '/usr/sbin/ntpdate %(CONFIG_NTP_SERVERS)s',
tries => 3,
exec { 'ntpdate':
command => "/usr/sbin/ntpdate ${cfg_ntp_servers}",
tries => 3,
}
service {'chronyd':
ensure => 'running',
enable => true,
name => 'chronyd',
hasstatus => true,
hasrestart => true,
service { 'chronyd':
ensure => running,
enable => true,
name => 'chronyd',
hasstatus => true,
hasrestart => true,
}
Package['chrony'] -> Package['ntpdate'] -> File['chrony_conf'] -> Exec['stop-chronyd'] -> Exec['ntpdate'] -> Service['chronyd']
Package['chrony'] ->
Package['ntpdate'] ->
File['chrony_conf'] ->
Exec['stop-chronyd'] ->
Exec['ntpdate'] ->
Service['chronyd']


@ -1,35 +1,34 @@
cinder_config {
"DEFAULT/glance_host": value => "%(CONFIG_STORAGE_HOST)s";
'DEFAULT/glance_host': value => hiera('CONFIG_STORAGE_HOST');
}
package {'python-keystone':
package { 'python-keystone':
notify => Class['cinder::api'],
}
class {'cinder::api':
keystone_password => '%(CONFIG_CINDER_KS_PW)s',
keystone_tenant => "services",
keystone_user => "cinder",
keystone_auth_host => "%(CONFIG_CONTROLLER_HOST)s",
class { 'cinder::api':
keystone_password => hiera('CONFIG_CINDER_KS_PW'),
keystone_tenant => 'services',
keystone_user => 'cinder',
keystone_auth_host => hiera('CONFIG_CONTROLLER_HOST'),
}
class {'cinder::scheduler':
}
class { 'cinder::scheduler': }
class {'cinder::volume':
}
class { 'cinder::volume': }
class {'cinder::client':
}
class { 'cinder::client': }
$cinder_config_controller_host = hiera('CONFIG_CONTROLLER_HOST')
# Cinder::Type requires keystone credentials
Cinder::Type {
os_password => '%(CONFIG_CINDER_KS_PW)s',
os_tenant_name => "services",
os_username => "cinder",
os_auth_url => "http://%(CONFIG_CONTROLLER_HOST)s:5000/v2.0/",
os_password => hiera('CONFIG_CINDER_KS_PW'),
os_tenant_name => 'services',
os_username => 'cinder',
os_auth_url => "http://${cinder_config_controller_host}:5000/v2.0/",
}
class { 'cinder::backends':
enabled_backends => %(CONFIG_CINDER_BACKEND)s,
enabled_backends => hiera_array('CONFIG_CINDER_BACKEND'),
}


@ -1,8 +1,11 @@
class { 'cinder::backup':
}
class { 'cinder::backup': }
$cinder_backup_conf_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
class { 'cinder::backup::swift':
backup_swift_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8080/v1/AUTH_'
backup_swift_url => "http://${cinder_config_controller_host}:8080/v1/AUTH_",
}
Class['cinder::api'] ~> Service['cinder-backup']
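Review bot: `backup_swift_url` interpolates `${cinder_config_controller_host}`, but the variable this template defines just above it is `$cinder_backup_conf_ctrl_host`, which is never used. The URL only resolves if another template that sets `$cinder_config_controller_host` happens to be concatenated into the same manifest; otherwise the host part of the URL comes out empty. The line should read `backup_swift_url => "http://${cinder_backup_conf_ctrl_host}:8080/v1/AUTH_",`.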


@ -1,7 +1,9 @@
package { 'glusterfs-fuse': ensure => present }
package { 'glusterfs-fuse':
ensure => present,
}
cinder::backend::glusterfs { 'gluster':
glusterfs_shares => [%(CONFIG_CINDER_GLUSTER_MOUNTS)s],
glusterfs_shares => hiera_array('CONFIG_CINDER_GLUSTER_MOUNTS'),
require => Package['glusterfs-fuse'],
glusterfs_shares_config => '/etc/cinder/glusterfs_shares.conf',
}


@ -1,12 +1,12 @@
class { 'cinder::setup_test_volume':
size => '%(CONFIG_CINDER_VOLUMES_SIZE)s',
size => hiera('CONFIG_CINDER_VOLUMES_SIZE'),
loopback_device => '/dev/loop2',
volume_path => '/var/lib/cinder',
volume_name => 'cinder-volumes',
volume_path => '/var/lib/cinder',
volume_name => 'cinder-volumes',
}
# Add loop device on boot
$el_releases = ["RedHat", "CentOS", "Scientific"]
$el_releases = ['RedHat', 'CentOS', 'Scientific']
if $::operatingsystem in $el_releases and $::operatingsystemmajrelease < 7 {
file_line{ 'rc.local_losetup_cinder_volume':
@ -44,12 +44,12 @@ RequiredBy=openstack-cinder-volume.service',
exec { '/usr/bin/systemctl daemon-reload':
refreshonly => true,
before => Service['openstack-losetup'],
before => Service['openstack-losetup'],
}
service { 'openstack-losetup':
ensure => running,
enable => true,
ensure => running,
enable => true,
require => Class['cinder::setup_test_volume'],
}
@ -70,8 +70,8 @@ file_line { 'snapshot_autoextend_percent':
}
cinder::backend::iscsi { 'lvm':
iscsi_ip_address => '%(CONFIG_STORAGE_HOST)s',
require => Package['lvm2'],
iscsi_ip_address => hiera('CONFIG_STORAGE_HOST'),
require => Package['lvm2'],
}
cinder::type { 'iscsi':


@ -3,16 +3,16 @@
package { 'iscsi-initiator-utils': ensure => present }
cinder::backend::netapp { 'netapp':
netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s",
netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s",
netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s",
netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s",
netapp_size_multiplier => "%(CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER)s",
netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s",
netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s",
netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s",
netapp_vfiler => "%(CONFIG_CINDER_NETAPP_VFILER)s",
netapp_volume_list => ["%(CONFIG_CINDER_NETAPP_VOLUME_LIST)s"],
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vfiler => hiera('CONFIG_CINDER_NETAPP_VFILER'),
netapp_volume_list => hiera_array('CONFIG_CINDER_NETAPP_VOLUME_LIST'),
require => Package['iscsi-initiator-utils'],
}


@ -3,17 +3,17 @@
package { 'nfs-utils': ensure => present }
cinder::backend::netapp { 'netapp':
netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s",
netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s",
netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s",
netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s",
netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s",
netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s",
netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s",
expiry_thres_minutes => "%(CONFIG_CINDER_EXPIRY_THRES_MINUTES)s",
thres_avl_size_perc_start => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START)s",
thres_avl_size_perc_stop => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP)s",
nfs_shares_config => "%(CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG)s",
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
expiry_thres_minutes => hiera('CONFIG_CINDER_EXPIRY_THRES_MINUTES'),
thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'),
thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'),
nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'),
require => Package['nfs-utils'],
}
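Review bot: This template looks up `hiera('CONFIG_CINDER_EXPIRY_THRES_MINUTES')`, while the otherwise parallel NetApp NFS template two sections below reads `CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES`. The name is carried over unchanged from the old `%(...)s` placeholder, so the commit does not introduce it, but one of the two is presumably a typo, and hiera() without a default fails the catalog when the key is absent. Confirm which key the cinder plugin actually defines and use it in both, e.g. `expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'),` if the prefixed name is the real one.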


@ -3,15 +3,15 @@
package { 'iscsi-initiator-utils': ensure => present }
cinder::backend::netapp { 'netapp':
netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s",
netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s",
netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s",
netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s",
netapp_size_multiplier => "%(CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER)s",
netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s",
netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s",
netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s",
netapp_vserver => "%(CONFIG_CINDER_NETAPP_VSERVER)s",
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'),
require => Package['iscsi-initiator-utils'],
}


@ -3,18 +3,18 @@
package { 'nfs-utils': ensure => present }
cinder::backend::netapp { 'netapp':
netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s",
netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s",
netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s",
netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s",
netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s",
netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s",
netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s",
netapp_vserver => "%(CONFIG_CINDER_NETAPP_VSERVER)s",
expiry_thres_minutes => "%(CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES)s",
thres_avl_size_perc_start => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START)s",
thres_avl_size_perc_stop => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP)s",
nfs_shares_config => "%(CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG)s",
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'),
expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'),
thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'),
thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'),
nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'),
require => Package['nfs-utils'],
}


@ -3,17 +3,17 @@
package { 'iscsi-initiator-utils': ensure => present }
cinder::backend::netapp { 'netapp':
netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s",
netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s",
netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s",
netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s",
netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s",
netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s",
netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s",
netapp_controller_ips => "%(CONFIG_CINDER_NETAPP_CONTROLLER_IPS)s",
netapp_sa_password => "%(CONFIG_CINDER_NETAPP_SA_PASSWORD)s",
netapp_storage_pools => "%(CONFIG_CINDER_NETAPP_STORAGE_POOLS)s",
netapp_webservice_path => "%(CONFIG_CINDER_NETAPP_WEBSERVICE_PATH)s",
netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'),
netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'),
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'),
netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'),
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'),
netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'),
netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'),
netapp_controller_ips => hiera('CONFIG_CINDER_NETAPP_CONTROLLER_IPS'),
netapp_sa_password => hiera('CONFIG_CINDER_NETAPP_SA_PASSWORD'),
netapp_storage_pools => hiera('CONFIG_CINDER_NETAPP_STORAGE_POOLS'),
netapp_webservice_path => hiera('CONFIG_CINDER_NETAPP_WEBSERVICE_PATH'),
require => Package['iscsi-initiator-utils'],
}


@ -1,7 +1,7 @@
package { 'nfs-utils': ensure => present }
cinder::backend::nfs { 'nfs':
nfs_servers => [%(CONFIG_CINDER_NFS_MOUNTS)s],
nfs_servers => hiera_array('CONFIG_CINDER_NFS_MOUNTS'),
require => Package['nfs-utils'],
nfs_shares_config => '/etc/cinder/nfs_shares.conf',
}


@ -1,13 +1,15 @@
$cinder_qpid_cfg_cinder_db_pw = hiera('CONFIG_CINDER_DB_PW')
$cinder_qpid_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class {'cinder':
rpc_backend => 'cinder.openstack.common.rpc.impl_qpid',
qpid_hostname => "%(CONFIG_AMQP_HOST)s",
qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s',
qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s',
qpid_username => '%(CONFIG_AMQP_AUTH_USER)s',
qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
sql_connection => "mysql://cinder:%(CONFIG_CINDER_DB_PW)s@%(CONFIG_MARIADB_HOST)s/cinder",
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
mysql_module => '2.2',
rpc_backend => 'cinder.openstack.common.rpc.impl_qpid',
qpid_hostname => hiera('CONFIG_AMQP_HOST'),
qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'),
qpid_username => hiera('CONFIG_AMQP_AUTH_USER'),
qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
sql_connection => "mysql://cinder:${cinder_qpid_cfg_cinder_db_pw}@${cinder_qpid_cfg_mariadb_host}/cinder",
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
mysql_module => '2.2',
}


@ -1,11 +1,13 @@
$cinder_rab_cfg_cinder_db_pw = hiera('CONFIG_CINDER_DB_PW')
$cinder_rab_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class {'cinder':
rabbit_host => "%(CONFIG_AMQP_HOST)s",
rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s',
rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s',
rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
sql_connection => "mysql://cinder:%(CONFIG_CINDER_DB_PW)s@%(CONFIG_MARIADB_HOST)s/cinder",
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
mysql_module => '2.2',
rabbit_host => hiera('CONFIG_AMQP_HOST'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
sql_connection => "mysql://cinder:${cinder_rab_cfg_cinder_db_pw}@${cinder_rab_cfg_mariadb_host}/cinder",
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
mysql_module => '2.2',
}


@ -1,7 +1,7 @@
cinder::backend::vmdk { 'vmdk':
host_ip => "%(CONFIG_VCENTER_HOST)s",
host_username => "%(CONFIG_VCENTER_USER)s",
host_password => "%(CONFIG_VCENTER_PASSWORD)s",
host_ip => hiera('CONFIG_VCENTER_HOST'),
host_username => hiera('CONFIG_VCENTER_USER'),
host_password => hiera('CONFIG_VCENTER_PASSWORD'),
}
cinder::type { 'vmdk':


@ -1,11 +0,0 @@
# Create firewall rules to allow only the FIREWALL_ALLOWED
# hosts that need to connect via FIREWALL_PORTS
# using FIREWALL_CHAIN
packstack::firewall {'%(FIREWALL_SERVICE_ID)s':
host => %(FIREWALL_ALLOWED)s,
service_name => '%(FIREWALL_SERVICE_NAME)s',
chain => '%(FIREWALL_CHAIN)s',
ports => %(FIREWALL_PORTS)s,
proto => '%(FIREWALL_PROTOCOL)s',
}


@ -1,23 +1,26 @@
$glance_ks_pw = hiera('CONFIG_GLANCE_DB_PW')
$glance_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class {"glance::api":
auth_host => "%(CONFIG_CONTROLLER_HOST)s",
keystone_tenant => "services",
keystone_user => "glance",
keystone_password => "%(CONFIG_GLANCE_KS_PW)s",
pipeline => 'keystone',
sql_connection => "mysql://glance:%(CONFIG_GLANCE_DB_PW)s@%(CONFIG_MARIADB_HOST)s/glance",
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
mysql_module => '2.2',
class { 'glance::api':
auth_host => hiera('CONFIG_CONTROLLER_HOST'),
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => hiera('CONFIG_GLANCE_KS_PW'),
pipeline => 'keystone',
sql_connection => "mysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance",
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
mysql_module => '2.2',
}
class {"glance::registry":
auth_host => "%(CONFIG_CONTROLLER_HOST)s",
keystone_tenant => "services",
keystone_user => "glance",
keystone_password => "%(CONFIG_GLANCE_KS_PW)s",
sql_connection => "mysql://glance:%(CONFIG_GLANCE_DB_PW)s@%(CONFIG_MARIADB_HOST)s/glance",
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
mysql_module => '2.2',
class { 'glance::registry':
auth_host => hiera('CONFIG_CONTROLLER_HOST'),
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => hiera('CONFIG_GLANCE_KS_PW'),
sql_connection => "mysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance",
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
mysql_module => '2.2',
}
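Review bot: `$glance_ks_pw` is assigned `hiera('CONFIG_GLANCE_DB_PW')`, so the name says Keystone password while the value is the database password. It is used only in the two `sql_connection` strings, where the DB password is the right value, but a later edit that reaches for `$glance_ks_pw` as the Keystone secret would put the database password in the wrong place. Rename it, e.g. `$glance_db_pw = hiera('CONFIG_GLANCE_DB_PW')` and `"mysql://glance:${glance_db_pw}@${glance_mariadb_host}/glance"`.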


@ -1,8 +1,8 @@
class { 'glance::notify::qpid':
qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
qpid_username => '%(CONFIG_AMQP_AUTH_USER)s',
qpid_hostname => '%(CONFIG_AMQP_HOST)s',
qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s',
qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s'
qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
qpid_username => hiera('CONFIG_AMQP_AUTH_USER'),
qpid_hostname => hiera('CONFIG_AMQP_HOST'),
qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'),
}


@ -1,9 +1,9 @@
class { 'glance::notify::rabbitmq':
rabbit_host => '%(CONFIG_AMQP_HOST)s',
rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s',
rabbit_use_ssl => %(CONFIG_AMQP_ENABLE_SSL)s,
rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s',
rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
rabbit_host => hiera('CONFIG_AMQP_HOST'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_use_ssl => hiera('CONFIG_AMQP_ENABLE_SSL'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
}


@ -1,5 +1,5 @@
# TO-DO: Make this configurable
class { 'glance::backend::file':
filesystem_store_datadir => '/var/lib/glance/images/'
filesystem_store_datadir => '/var/lib/glance/images/',
}


@ -1,10 +1,11 @@
$gla_bd_ct_h = hiera('CONFIG_CONTROLLER_HOST')
class { 'glance::backend::swift':
swift_store_user => 'services:glance',
swift_store_key => '%(CONFIG_GLANCE_KS_PW)s',
swift_store_auth_address => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0/',
swift_store_key => hiera('CONFIG_GLANCE_KS_PW'),
swift_store_auth_address => "http://${gla_bd_ct_h}:35357/v2.0/",
swift_store_container => 'glance',
swift_store_auth_version => '2',
swift_store_large_object_size => '5120',
swift_store_create_container_on_put => true
swift_store_create_container_on_put => true,
}


@ -1 +1 @@
Exec { timeout => %(DEFAULT_EXEC_TIMEOUT)s }
Exec { timeout => hiera('DEFAULT_EXEC_TIMEOUT') }


@ -1,21 +1,22 @@
class { 'heat::api':
}
class { 'heat::api': }
$heat_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
class { 'heat::engine':
heat_metadata_server_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8000',
heat_waitcondition_server_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8000/v1/waitcondition',
heat_watch_server_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8003',
auth_encryption_key => '%(CONFIG_HEAT_AUTH_ENC_KEY)s',
heat_metadata_server_url => "http://${heat_cfg_ctrl_host}:8000",
heat_waitcondition_server_url => "http://${heat_cfg_ctrl_host}:8000/v1/waitcondition",
heat_watch_server_url => "http://${heat_cfg_ctrl_host}:8003",
auth_encryption_key => hiera('CONFIG_HEAT_AUTH_ENC_KEY'),
}
class { 'heat::keystone::domain':
auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0',
auth_url => "http://${heat_cfg_ctrl_host}:35357/v2.0",
keystone_admin => 'admin',
keystone_password => '%(CONFIG_KEYSTONE_ADMIN_PW)s',
keystone_password => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
keystone_tenant => 'admin',
domain_name => '%(CONFIG_HEAT_DOMAIN)s',
domain_admin => '%(CONFIG_HEAT_DOMAIN_ADMIN)s',
domain_password => '%(CONFIG_HEAT_DOMAIN_PASSWORD)s',
domain_name => hiera('CONFIG_HEAT_DOMAIN'),
domain_admin => hiera('CONFIG_HEAT_DOMAIN_ADMIN'),
domain_password => hiera('CONFIG_HEAT_DOMAIN_PASSWORD'),
}


@ -1,11 +1,12 @@
class { 'heat::api_cfn':
}
class { 'heat::api_cfn': }
$heat_cfn_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
class { 'heat::keystone::auth_cfn':
admin_address => '%(CONFIG_CONTROLLER_HOST)s',
public_address => '%(CONFIG_CONTROLLER_HOST)s',
internal_address => '%(CONFIG_CONTROLLER_HOST)s',
password => '%(CONFIG_HEAT_KS_PW)s'
admin_address => $heat_cfn_cfg_ctrl_host,
public_address => $heat_cfn_cfg_ctrl_host,
internal_address => $heat_cfn_cfg_ctrl_host,
password => hiera('CONFIG_HEAT_KS_PW'),
}


@ -1,4 +1,3 @@
class { 'heat::api_cloudwatch':
}
class { 'heat::api_cloudwatch': }


@ -1,15 +1,19 @@
$heat_qpid_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
$heat_qpid_cfg_heat_db_pw = hiera('CONFIG_HEAT_DB_PW')
$heat_qpid_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class { 'heat':
keystone_host => '%(CONFIG_CONTROLLER_HOST)s',
keystone_password => '%(CONFIG_HEAT_KS_PW)s',
auth_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0',
keystone_ec2_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0',
rpc_backend => 'heat.openstack.common.rpc.impl_qpid',
qpid_hostname => '%(CONFIG_AMQP_HOST)s',
qpid_username => '%(CONFIG_AMQP_AUTH_USER)s',
qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s',
qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s',
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
sql_connection => "mysql://heat:%(CONFIG_HEAT_DB_PW)s@%(CONFIG_MARIADB_HOST)s/heat",
keystone_host => $heat_cfn_cfg_ctrl_host,
keystone_password => hiera('CONFIG_HEAT_KS_PW'),
auth_uri => "http://${heat_qpid_cfg_ctrl_host}:35357/v2.0",
keystone_ec2_uri => "http://${heat_qpid_cfg_ctrl_host}:35357/v2.0",
rpc_backend => 'heat.openstack.common.rpc.impl_qpid',
qpid_hostname => hiera('CONFIG_AMQP_HOST'),
qpid_username => hiera('CONFIG_AMQP_AUTH_USER'),
qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'),
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
sql_connection => "mysql://heat:${heat_qpid_cfg_heat_db_pw}@${heat_qpid_cfg_mariadb_host}/heat",
}
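Review bot: `keystone_host => $heat_cfn_cfg_ctrl_host,` in the `class { 'heat': }` block references a variable this file never assigns; the file defines `$heat_qpid_cfg_ctrl_host` at its top and uses it for `auth_uri` and `keystone_ec2_uri`. A variable named `$heat_cfn_cfg_ctrl_host` is assigned in a different template on this page, so the value resolves only if that template happens to be evaluated in the same manifest before this one; otherwise Puppet treats it as undefined and `keystone_host` ends up empty. The RabbitMQ variant of this file uses its own `$heat_rabbitmq_cfg_ctrl_host` for the same parameter, so this line should read `keystone_host => $heat_qpid_cfg_ctrl_host,`.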


@ -1,13 +1,17 @@
$heat_rabbitmq_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
$heat_rabbitmq_cfg_heat_db_pw = hiera('CONFIG_HEAT_DB_PW')
$heat_rabbitmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class { 'heat':
keystone_host => '%(CONFIG_CONTROLLER_HOST)s',
keystone_password => '%(CONFIG_HEAT_KS_PW)s',
auth_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0',
keystone_ec2_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0',
rpc_backend => 'heat.openstack.common.rpc.impl_kombu',
rabbit_host => '%(CONFIG_AMQP_HOST)s',
rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s',
rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
sql_connection => "mysql://heat:%(CONFIG_HEAT_DB_PW)s@%(CONFIG_MARIADB_HOST)s/heat",
keystone_host => $heat_rabbitmq_cfg_ctrl_host,
keystone_password => hiera('CONFIG_HEAT_KS_PW'),
auth_uri => "http://${heat_rabbitmq_cfg_ctrl_host}:35357/v2.0",
keystone_ec2_uri => "http://${heat_rabbitmq_cfg_ctrl_host}:35357/v2.0",
rpc_backend => 'heat.openstack.common.rpc.impl_kombu',
rabbit_host => hiera('CONFIG_AMQP_HOST'),
rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
sql_connection => "mysql://heat:${heat_rabbitmq_cfg_heat_db_pw}@${heat_rabbitmq_cfg_mariadb_host}/heat",
}


@ -8,3 +8,4 @@ keystone_user_role { 'admin@admin':
ensure => present,
roles => ['admin', '_member_', 'heat_stack_owner'],
}


@ -1,40 +1,47 @@
include packstack::apache_common
$horizon_packages = ["python-memcached", "python-netaddr"]
$horizon_packages = ['python-memcached', 'python-netaddr']
package {$horizon_packages:
notify => Class["horizon"],
ensure => present,
package { $horizon_packages:
ensure => present,
notify => Class['horizon'],
}
$is_django_debug = hiera('CONFIG_DEBUG_MODE') ? {
true => 'True',
false => 'False',
}
class {'horizon':
secret_key => '%(CONFIG_HORIZON_SECRET_KEY)s',
keystone_host => '%(CONFIG_CONTROLLER_HOST)s',
secret_key => hiera('CONFIG_HORIZON_SECRET_KEY'),
keystone_host => hiera('CONFIG_CONTROLLER_HOST'),
keystone_default_role => '_member_',
#fqdn => ['%(CONFIG_CONTROLLER_HOST)s', "$::fqdn", 'localhost'],
# fqdn => [hiera('CONFIG_CONTROLLER_HOST'), "$::fqdn", 'localhost'],
# TO-DO: Parameter fqdn is used both for ALLOWED_HOSTS in settings_local.py
# and for ServerAlias directives in vhost.conf which is breaking server
# accessibility. We need ALLOWED_HOSTS values, but we have to avoid
# ServerAlias definitions. For now we will use this wildcard hack until
# puppet-horizon will have separate parameter for each config.
fqdn => '*',
# and for ServerAlias directives in vhost.conf which is breaking server
# accessibility. We need ALLOWED_HOSTS values, but we have to avoid
# ServerAlias definitions. For now we will use this wildcard hack until
# puppet-horizon will have separate parameter for each config.
fqdn => '*',
can_set_mount_point => 'False',
django_debug => %(CONFIG_DEBUG_MODE)s ? {true => 'True', false => 'False'},
listen_ssl => %(CONFIG_HORIZON_SSL)s,
horizon_cert => '/etc/pki/tls/certs/ssl_ps_server.crt',
horizon_key => '/etc/pki/tls/private/ssl_ps_server.key',
horizon_ca => '/etc/pki/tls/certs/ssl_ps_chain.crt',
neutron_options => {
'enable_lb' => %(CONFIG_HORIZON_NEUTRON_LB)s,
'enable_firewall' => %(CONFIG_HORIZON_NEUTRON_FW)s
django_debug => $is_django_debug,
listen_ssl => hiera('CONFIG_HORIZON_SSL'),
horizon_cert => '/etc/pki/tls/certs/ssl_ps_server.crt',
horizon_key => '/etc/pki/tls/private/ssl_ps_server.key',
horizon_ca => '/etc/pki/tls/certs/ssl_ps_chain.crt',
neutron_options => {
'enable_lb' => hiera('CONFIG_HORIZON_NEUTRON_LB'),
'enable_firewall' => hiera('CONFIG_HORIZON_NEUTRON_FW'),
},
}
if %(CONFIG_HORIZON_SSL)s {
$is_horizon_ssl = hiera('CONFIG_HORIZON_SSL')
if $is_horizon_ssl == true {
file {'/etc/pki/tls/certs/ps_generate_ssl_certs.ssh':
ensure => present,
content => template('packstack/ssl/generate_ssl_certs.sh.erb'),
ensure => present,
mode => '755',
mode => '0755',
}
exec {'/etc/pki/tls/certs/ps_generate_ssl_certs.ssh':
@ -62,19 +69,19 @@ if %(CONFIG_HORIZON_SSL)s {
}
}
class {'memcached':}
class { 'memcached': }
$firewall_port = %(CONFIG_HORIZON_PORT)s
$firewall_port = hiera('CONFIG_HORIZON_PORT')
firewall { "001 horizon ${firewall_port} incoming":
proto => 'tcp',
dport => [%(CONFIG_HORIZON_PORT)s],
action => 'accept',
proto => 'tcp',
dport => [$firewall_port],
action => 'accept',
}
if ($::selinux != "false"){
selboolean{'httpd_can_network_connect':
value => on,
persistent => true,
}
if ($::selinux != false) {
selboolean{ 'httpd_can_network_connect':
value => on,
persistent => true,
}
}
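Review bot: The new boolean tests in this file only behave as intended if hiera() and Facter return real booleans, which nothing in the section guarantees. The `$is_django_debug` selector has cases for `true` and `false` only and no `default`, and `if $is_horizon_ssl == true` would presumably not match a string such as 'true'. Depending on how defaults.yaml serialises these keys, the catalog either fails to compile or silently skips the SSL certificate block while `listen_ssl` is still passed to the horizon class. In the second hunk `$::selinux != false` replaces a comparison with the string "false"; where facts are stringified that test is always true, so `httpd_can_network_connect` is managed even on hosts with SELinux disabled. I would add `default => 'False',` to the selector and keep `$::selinux != 'false'` unless the fact is known to be a boolean.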


@ -1,44 +1,50 @@
$keystone_use_ssl = false
$keystone_service_name = hiera('CONFIG_KEYSTONE_SERVICE_NAME')
$keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
$keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST')
class {"keystone":
admin_token => "%(CONFIG_KEYSTONE_ADMIN_TOKEN)s",
sql_connection => "mysql://keystone_admin:%(CONFIG_KEYSTONE_DB_PW)s@%(CONFIG_MARIADB_HOST)s/keystone",
token_format => "%(CONFIG_KEYSTONE_TOKEN_FORMAT)s",
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
mysql_module => '2.2',
service_name => '%(CONFIG_KEYSTONE_SERVICE_NAME)s',
enable_ssl => $keystone_use_ssl,
class { 'keystone':
admin_token => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'),
sql_connection => "mysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
token_format => hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'),
verbose => true,
debug => hiera('CONFIG_DEBUG_MODE'),
mysql_module => '2.2',
service_name => $keystone_service_name,
enable_ssl => $keystone_use_ssl,
}
if '%(CONFIG_KEYSTONE_SERVICE_NAME)s' == 'httpd' {
if $keystone_service_name == 'httpd' {
include packstack::apache_common
class {"keystone::wsgi::apache":
class { 'keystone::wsgi::apache':
ssl => $keystone_use_ssl,
}
}
class {"keystone::roles::admin":
email => "root@localhost",
password => "%(CONFIG_KEYSTONE_ADMIN_PW)s",
admin_tenant => "admin"
class { 'keystone::roles::admin':
email => 'root@localhost',
password => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
admin_tenant => 'admin',
}
class {"keystone::endpoint":
region => "%(CONFIG_KEYSTONE_REGION)s",
public_address => "%(CONFIG_CONTROLLER_HOST)s",
admin_address => "%(CONFIG_CONTROLLER_HOST)s",
internal_address => "%(CONFIG_CONTROLLER_HOST)s",
class { 'keystone::endpoint':
region => hiera('CONFIG_KEYSTONE_REGION'),
public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => hiera('CONFIG_CONTROLLER_HOST'),
}
# Run token flush every minute (without output so we won't spam admins)
cron { 'token-flush':
ensure => 'present',
command => '/usr/bin/keystone-manage token_flush >/dev/null 2>&1',
minute => '*/1',
user => 'keystone',
require => [User['keystone'], Group['keystone']],
} -> service { 'crond':
ensure => 'running',
enable => true,
ensure => 'present',
command => '/usr/bin/keystone-manage token_flush >/dev/null 2>&1',
minute => '*/1',
user => 'keystone',
require => [User['keystone'], Group['keystone']],
} ->
service { 'crond':
ensure => 'running',
enable => true,
}


@ -1,8 +1,8 @@
class { 'ceilometer::keystone::auth':
region => '%(CONFIG_KEYSTONE_REGION)s',
password => '%(CONFIG_CEILOMETER_KS_PW)s',
public_address => "%(CONFIG_CONTROLLER_HOST)s",
admin_address => "%(CONFIG_CONTROLLER_HOST)s",
internal_address => "%(CONFIG_CONTROLLER_HOST)s",
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_CEILOMETER_KS_PW'),
public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => hiera('CONFIG_CONTROLLER_HOST'),
}


@ -1,9 +1,9 @@
class {"cinder::keystone::auth":
region => "%(CONFIG_KEYSTONE_REGION)s",
password => "%(CONFIG_CINDER_KS_PW)s",
public_address => "%(CONFIG_STORAGE_HOST)s",
admin_address => "%(CONFIG_STORAGE_HOST)s",
internal_address => "%(CONFIG_STORAGE_HOST)s",
class { 'cinder::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_CINDER_KS_PW'),
public_address => hiera('CONFIG_STORAGE_HOST'),
admin_address => hiera('CONFIG_STORAGE_HOST'),
internal_address => hiera('CONFIG_STORAGE_HOST'),
}


@ -1,8 +1,8 @@
class {"glance::keystone::auth":
region => "%(CONFIG_KEYSTONE_REGION)s",
password => "%(CONFIG_GLANCE_KS_PW)s",
public_address => "%(CONFIG_STORAGE_HOST)s",
admin_address => "%(CONFIG_STORAGE_HOST)s",
internal_address => "%(CONFIG_STORAGE_HOST)s",
class { 'glance::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_GLANCE_KS_PW'),
public_address => hiera('CONFIG_STORAGE_HOST'),
admin_address => hiera('CONFIG_STORAGE_HOST'),
internal_address => hiera('CONFIG_STORAGE_HOST'),
}


@ -1,18 +1,20 @@
# heat::keystone::auth
class {"heat::keystone::auth":
region => "%(CONFIG_KEYSTONE_REGION)s",
password => "%(CONFIG_HEAT_KS_PW)s",
public_address => "%(CONFIG_CONTROLLER_HOST)s",
admin_address => "%(CONFIG_CONTROLLER_HOST)s",
internal_address => "%(CONFIG_CONTROLLER_HOST)s",
class { 'heat::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_HEAT_KS_PW'),
public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => hiera('CONFIG_CONTROLLER_HOST'),
}
if '%(CONFIG_HEAT_CFN_INSTALL)s' == 'y' {
# heat::keystone::cfn
class {"heat::keystone::auth_cfn":
password => "%(CONFIG_HEAT_KS_PW)s",
public_address => "%(CONFIG_CONTROLLER_HOST)s",
admin_address => "%(CONFIG_CONTROLLER_HOST)s",
internal_address => "%(CONFIG_CONTROLLER_HOST)s",
}
$is_heat_cfn_install = hiera('CONFIG_HEAT_CFN_INSTALL')
if $is_heat_cfn_install == 'y' {
# heat::keystone::cfn
class { "heat::keystone::auth_cfn":
password => hiera('CONFIG_HEAT_KS_PW'),
public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => hiera('CONFIG_CONTROLLER_HOST'),
}
}


@ -1,8 +1,8 @@
class {"neutron::keystone::auth":
region => "%(CONFIG_KEYSTONE_REGION)s",
password => "%(CONFIG_NEUTRON_KS_PW)s",
public_address => "%(CONFIG_CONTROLLER_HOST)s",
admin_address => "%(CONFIG_CONTROLLER_HOST)s",
internal_address => "%(CONFIG_CONTROLLER_HOST)s",
class { 'neutron::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_NEUTRON_KS_PW'),
public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => hiera('CONFIG_CONTROLLER_HOST'),
}


@ -1,9 +1,9 @@
class {"nova::keystone::auth":
region => "%(CONFIG_KEYSTONE_REGION)s",
password => "%(CONFIG_NOVA_KS_PW)s",
public_address => "%(CONFIG_CONTROLLER_HOST)s",
admin_address => "%(CONFIG_CONTROLLER_HOST)s",
internal_address => "%(CONFIG_CONTROLLER_HOST)s",
cinder => true,
class { 'nova::keystone::auth':
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_NOVA_KS_PW'),
public_address => hiera('CONFIG_CONTROLLER_HOST'),
admin_address => hiera('CONFIG_CONTROLLER_HOST'),
internal_address => hiera('CONFIG_CONTROLLER_HOST'),
cinder => true,
}


@ -1,5 +1,5 @@
class { 'swift::keystone::auth':
public_address => '%(CONFIG_CONTROLLER_HOST)s',
region => '%(CONFIG_KEYSTONE_REGION)s',
password => '%(CONFIG_SWIFT_KS_PW)s',
public_address => hiera('CONFIG_CONTROLLER_HOST'),
region => hiera('CONFIG_KEYSTONE_REGION'),
password => hiera('CONFIG_SWIFT_KS_PW'),
}


@ -1,7 +1,7 @@
class {"cinder::db::mysql":
password => "%(CONFIG_CINDER_DB_PW)s",
host => "%%",
allowed_hosts => "%%",
charset => "utf8",
class { 'cinder::db::mysql':
password => hiera('CONFIG_CINDER_DB_PW'),
host => '%%',
allowed_hosts => '%%',
charset => 'utf8',
mysql_module => '2.2',
}
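Review bot: `host => '%%'` and `allowed_hosts => '%%'` keep the doubled percent sign that was needed while this template was run through Python %-formatting. Whether the templates are still formatted that way after the move to hiera() is not visible here; if they are not, MySQL receives the literal host pattern `%%` instead of the `%` wildcard and the account no longer matches the hosts the services connect from. The same applies to the other `*::db::mysql` classes, to the `remote_database_user` and `remote_database_grant` titles such as `'cinder@%%'`, to the `'@%%'` entry in the `database_user` cleanup list (the anonymous wildcard account would then be left in place) and to the sed expression in the nrpe `df_var` line. A short comment at the first occurrence, e.g. `# '%%' is collapsed to '%' by the template formatter`, would make that dependency explicit.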


@ -1,27 +1,29 @@
remote_database { 'cinder':
ensure => 'present',
charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_cinder_noinstall_db_pw = hiera('CONFIG_CINDER_DB_PW')
remote_database_user { 'cinder@%%':
password_hash => mysql_password('%(CONFIG_CINDER_DB_PW)s'),
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database['cinder'],
password_hash => mysql_password($mariadb_cinder_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['cinder'],
}
remote_database_grant { 'cinder@%%/cinder':
privileges => "all",
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database_user['cinder@%%'],
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['cinder@%%'],
}


@ -1,7 +1,7 @@
class {"glance::db::mysql":
password => "%(CONFIG_GLANCE_DB_PW)s",
host => "%%",
allowed_hosts => "%%",
charset => "utf8",
class { 'glance::db::mysql':
password => hiera('CONFIG_GLANCE_DB_PW'),
host => '%%',
allowed_hosts => '%%',
charset => 'utf8',
mysql_module => '2.2',
}


@ -1,27 +1,29 @@
remote_database { 'glance':
ensure => 'present',
charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_glance_noinstall_db_pw = hiera('CONFIG_GLANCE_DB_PW')
remote_database_user { 'glance@%%':
password_hash => mysql_password('%(CONFIG_GLANCE_DB_PW)s' ),
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database['glance'],
password_hash => mysql_password($mariadb_glance_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['glance'],
}
remote_database_grant { 'glance@%%/glance':
privileges => "all",
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database_user['glance@%%'],
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['glance@%%'],
}


@ -1,7 +1,7 @@
class {"heat::db::mysql":
password => "%(CONFIG_HEAT_DB_PW)s",
host => "%%",
allowed_hosts => "%%",
charset => "utf8",
class { 'heat::db::mysql':
password => hiera('CONFIG_HEAT_DB_PW'),
host => '%%',
allowed_hosts => '%%',
charset => 'utf8',
mysql_module => '2.2',
}


@ -1,27 +1,29 @@
remote_database { 'heat':
ensure => 'present',
charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_heat_noinstall_db_pw = hiera('CONFIG_HEAT_DB_PW')
remote_database_user { 'heat@%%':
password_hash => mysql_password('%(CONFIG_HEAT_DB_PW)s'),
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database['heat'],
password_hash => mysql_password($mariadb_heat_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['heat'],
}
remote_database_grant { 'heat@%%/heat':
privileges => "all",
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database_user['heat@%%'],
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['heat@%%'],
}


@ -1,36 +1,41 @@
# Package mariadb-server conflicts with mariadb-galera-server
package {"mariadb-server":
ensure => absent,
package { 'mariadb-server':
ensure => absent,
}
class {"mysql::server":
package_name => "mariadb-galera-server",
restart => true,
root_password => "%(CONFIG_MARIADB_PW)s",
require => Package['mariadb-server'],
override_options => {
'mysqld' => { bind_address => "0.0.0.0",
default_storage_engine => "InnoDB",
max_connections => "1024",
open_files_limit => '-1',
}
class { 'mysql::server':
package_name => 'mariadb-galera-server',
restart => true,
root_password => hiera('CONFIG_MARIADB_PW'),
require => Package['mariadb-server'],
override_options => {
'mysqld' => { bind_address => '0.0.0.0',
default_storage_engine => 'InnoDB',
max_connections => '1024',
open_files_limit => '-1',
}
}
}
# deleting database users for security
# this is done in mysql::server::account_security but has problems
# when there is no fqdn, so we're defining a slightly different one here
database_user { [ 'root@127.0.0.1', 'root@::1', '@localhost', '@%%' ]:
ensure => 'absent', require => Class['mysql::server'],
ensure => 'absent',
require => Class['mysql::server'],
}
if ($::fqdn != "" and $::fqdn != "localhost") {
database_user { [ "root@${::fqdn}", "@${::fqdn}"]:
ensure => 'absent', require => Class['mysql::server'],
}
if ($::fqdn != '' and $::fqdn != 'localhost') {
database_user { [ "root@${::fqdn}", "@${::fqdn}"]:
ensure => 'absent',
require => Class['mysql::server'],
}
}
if ($::fqdn != $::hostname and $::hostname != "localhost") {
database_user { ["root@${::hostname}", "@${::hostname}"]:
ensure => 'absent', require => Class['mysql::server'],
}
if ($::fqdn != $::hostname and $::hostname != 'localhost') {
database_user { ["root@${::hostname}", "@${::hostname}"]:
ensure => 'absent',
require => Class['mysql::server'],
}
}


@ -1,7 +1,7 @@
class {"keystone::db::mysql":
user => 'keystone_admin',
password => "%(CONFIG_KEYSTONE_DB_PW)s",
allowed_hosts => "%%",
charset => "utf8",
mysql_module => '2.2',
class { 'keystone::db::mysql':
user => 'keystone_admin',
password => hiera('CONFIG_KEYSTONE_DB_PW'),
allowed_hosts => '%%',
charset => 'utf8',
mysql_module => '2.2',
}


@ -1,27 +1,29 @@
remote_database { 'keystone':
ensure => 'present',
charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_keystone_noinstall_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
remote_database_user { 'keystone_admin@%%':
password_hash => mysql_password('%(CONFIG_KEYSTONE_DB_PW)s' ),
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database['keystone'],
password_hash => mysql_password($mariadb_keystone_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['keystone'],
}
remote_database_grant { 'keystone_admin@%%/keystone':
privileges => "all",
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database_user['keystone_admin@%%'],
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['keystone_admin@%%'],
}


@ -1,8 +1,8 @@
class {"neutron::db::mysql":
password => "%(CONFIG_NEUTRON_DB_PW)s",
host => "%%",
allowed_hosts => "%%",
dbname => '%(CONFIG_NEUTRON_L2_DBNAME)s',
charset => "utf8",
class { 'neutron::db::mysql':
password => hiera('CONFIG_NEUTRON_DB_PW'),
host => '%%',
allowed_hosts => '%%',
dbname => hiera('CONFIG_NEUTRON_L2_DBNAME'),
charset => 'utf8',
mysql_module => '2.2',
}


@ -1,27 +1,30 @@
remote_database { '%(CONFIG_NEUTRON_L2_DBNAME)s':
ensure => 'present',
charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
$mariadb_neutron_noinstall_db_pw = hiera('CONFIG_NEUTRON_DB_PW')
$mariadb_neutron_noinstall_l2_dbname = hiera('CONFIG_NEUTRON_L2_DBNAME')
remote_database { $mariadb_neutron_noinstall_l2_dbname:
ensure => present,
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
remote_database_user { 'neutron@%%':
password_hash => mysql_password('%(CONFIG_NEUTRON_DB_PW)s' ),
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database['%(CONFIG_NEUTRON_L2_DBNAME)s'],
password_hash => mysql_password($mariadb_neutron_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database[$mariadb_neutron_noinstall_l2_dbname],
}
remote_database_grant { 'neutron@%%/%(CONFIG_NEUTRON_L2_DBNAME)s':
privileges => "all",
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database_user['neutron@%%'],
remote_database_grant { "neutron@%%/${mariadb_neutron_noinstall_l2_dbname}":
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['neutron@%%'],
}


@ -1,3 +1,2 @@
class { 'remote::db':
}
class { 'remote::db': }


@ -1,7 +1,7 @@
class {"nova::db::mysql":
password => "%(CONFIG_NOVA_DB_PW)s",
host => "%%",
allowed_hosts => "%%",
charset => "utf8",
class { 'nova::db::mysql':
password => hiera('CONFIG_NOVA_DB_PW'),
host => '%%',
allowed_hosts => '%%',
charset => 'utf8',
mysql_module => '2.2',
}


@ -1,27 +1,29 @@
remote_database { 'nova':
ensure => 'present',
charset => 'utf8',
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
ensure => 'present',
charset => 'utf8',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
}
$mariadb_nova_noinstall_db_pw = hiera('CONFIG_NOVA_DB_PW')
remote_database_user { 'nova@%%':
password_hash => mysql_password('%(CONFIG_NOVA_DB_PW)s' ),
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database['nova'],
password_hash => mysql_password($mariadb_nova_noinstall_db_pw),
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database['nova'],
}
remote_database_grant { 'nova@%%/nova':
privileges => "all",
db_host => '%(CONFIG_MARIADB_HOST)s',
db_user => '%(CONFIG_MARIADB_USER)s',
db_password => '%(CONFIG_MARIADB_PW)s',
provider => 'mysql',
require => Remote_database_user['nova@%%'],
privileges => 'all',
db_host => hiera('CONFIG_MARIADB_HOST'),
db_user => hiera('CONFIG_MARIADB_USER'),
db_password => hiera('CONFIG_MARIADB_PW'),
provider => 'mysql',
require => Remote_database_user['nova@%%'],
}


@ -1,4 +1,7 @@
$mongodb_host = hiera('CONFIG_MONGODB_HOST')
class { 'mongodb::server':
smallfiles => true,
bind_ip => ['%(CONFIG_MONGODB_HOST)s'],
smallfiles => true,
bind_ip => [$mongodb_host],
}


@ -1,43 +1,48 @@
package{'nrpe':
ensure => present,
before => Class['nagios_configs']
package{ 'nrpe':
ensure => present,
before => Class['nagios_configs'],
}
file{'/etc/nagios/nrpe.cfg':
ensure => 'present',
mode => '0644',
owner => 'nagios',
group => 'nagios',
require => Package['nrpe'],
file{ '/etc/nagios/nrpe.cfg':
ensure => 'present',
mode => '0644',
owner => 'nagios',
group => 'nagios',
require => Package['nrpe'],
}
class nagios_configs(){
file_line{'allowed_hosts':
path => '/etc/nagios/nrpe.cfg',
match => 'allowed_hosts=',
line => 'allowed_hosts=%(CONFIG_CONTROLLER_HOST)s',
}
class nagios_configs () {
$nagios_configs_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
# 5 minute load average
file_line{'load5':
path => '/etc/nagios/nrpe.cfg',
match => 'command\[load5\]=',
line => 'command[load5]=cut /proc/loadavg -f 1 -d " "',
}
file_line{'allowed_hosts':
path => '/etc/nagios/nrpe.cfg',
match => 'allowed_hosts=',
line => "allowed_hosts=${nagios_configs_cfg_ctrl_host}",
}
# disk used on /var
file_line{'df_var':
path => '/etc/nagios/nrpe.cfg',
match => "command\[df_var\]=",
line => "command[df_var]=df /var/ | sed -re 's/.* ([0-9]+)%%.*/\\1/' | grep -E '^[0-9]'",
}
# 5 minute load average
file_line{'load5':
path => '/etc/nagios/nrpe.cfg',
match => 'command\[load5\]=',
line => 'command[load5]=cut /proc/loadavg -f 1 -d " "',
}
# disk used on /var
file_line{'df_var':
path => '/etc/nagios/nrpe.cfg',
match => "command\[df_var\]=",
line => "command[df_var]=df /var/ | sed -re 's/.* ([0-9]+)%%.*/\\1/' | grep -E '^[0-9]'",
}
}
class{'nagios_configs':
notify => Service['nrpe'],
notify => Service['nrpe'],
}
service{'nrpe':
ensure => running,
enable => true,
hasstatus => true,
ensure => running,
enable => true,
hasstatus => true,
}


@ -1,81 +1,99 @@
include packstack::apache_common
package{['nagios', 'nagios-plugins-nrpe']:
ensure => present,
before => Class['nagios_configs']
package { ['nagios', 'nagios-plugins-nrpe']:
ensure => present,
before => Class['nagios_configs'],
}
# We need to preferably install nagios-plugins-ping
exec { 'nagios-plugins-ping':
path => '/usr/bin',
command => 'yum install -y -d 0 -e 0 monitoring-plugins-ping',
onlyif => 'yum install -y -d 0 -e 0 nagios-plugins-ping &> /dev/null && exit 1 || exit 0',
before => Class['nagios_configs']
path => '/usr/bin',
command => 'yum install -y -d 0 -e 0 monitoring-plugins-ping',
onlyif => 'yum install -y -d 0 -e 0 nagios-plugins-ping &> /dev/null && exit 1 || exit 0',
before => Class['nagios_configs']
}
class nagios_configs(){
file{['/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_host.cfg']:
ensure => 'present',
mode => '0644',
owner => 'nagios',
group => 'nagios',
}
file { ['/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_host.cfg']:
ensure => 'present',
mode => '0644',
owner => 'nagios',
group => 'nagios',
}
# Remove the entry for localhost, it contains services we're not
# monitoring
file{['/etc/nagios/objects/localhost.cfg']:
ensure => 'present',
content => '',
}
# Remove the entry for localhost, it contains services we're not
# monitoring
file { ['/etc/nagios/objects/localhost.cfg']:
ensure => 'present',
content => '',
}
file_line{'nagios_host':
path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_host.cfg',
}
file_line { 'nagios_host':
path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_host.cfg',
}
file_line{'nagios_command':
path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_command.cfg',
}
file_line { 'nagios_command':
path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_command.cfg',
}
file_line{'nagios_service':
path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_service.cfg',
}
file_line { 'nagios_service':
path => '/etc/nagios/nagios.cfg',
line => 'cfg_file=/etc/nagios/nagios_service.cfg',
}
nagios_command{'check_nrpe':
command_line => '/usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$',
}
nagios_command { 'check_nrpe':
command_line => '/usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$',
}
exec{'nagiospasswd':
command => '/usr/bin/htpasswd -b /etc/nagios/passwd nagiosadmin %(CONFIG_NAGIOS_PW)s',
}
$cfg_nagios_pw = hiera('CONFIG_NAGIOS_PW')
file {"/etc/nagios/keystonerc_admin":
ensure => "present", owner => "nagios", mode => '0600',
content => "export OS_USERNAME=admin
exec { 'nagiospasswd':
command => "/usr/bin/htpasswd -b /etc/nagios/passwd nagiosadmin ${cfg_nagios_pw}",
}
$nagios_cfg_ks_adm_pw = hiera('CONFIG_KEYSTONE_ADMIN_PW')
$nagios_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
file { '/etc/nagios/keystonerc_admin':
ensure => 'present',
owner => 'nagios',
mode => '0600',
content => "export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=%(CONFIG_KEYSTONE_ADMIN_PW)s
export OS_AUTH_URL=http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0/ ",}
export OS_PASSWORD=${nagios_cfg_ks_adm_pw}
export OS_AUTH_URL=http://${nagios_cfg_ctrl_host}:35357/v2.0/ ",
}
%(CONFIG_NAGIOS_MANIFEST_CONFIG)s
%(CONFIG_NAGIOS_MANIFEST_CONFIG)s
}
class{'nagios_configs':
notify => [Service['nagios'], Service['httpd']],
class { 'nagios_configs':
notify => [Service['nagios'], Service['httpd']],
}
include ::apache
class {'apache::mod::php': }
include concat::setup
service{['nagios']:
ensure => running,
enable => true,
hasstatus => true,
class { 'apache':
purge_configs => false,
}
class { 'apache::mod::php': }
service { ['nagios']:
ensure => running,
enable => true,
hasstatus => true,
}
firewall { '001 nagios incoming':
proto => 'tcp',
dport => ['80'],
action => 'accept',
proto => 'tcp',
dport => ['80'],
action => 'accept',
}
# ensure that we won't stop listening on 443 if horizon has ssl enabled
if hiera('CONFIG_HORIZON_SSL') {
apache::listen { '443': }
}
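Review bot: The `nagiospasswd` exec still passes the Nagios admin password as an argument (`htpasswd -b ... ${cfg_nagios_pw}`), so the cleartext is visible in the process list while it runs and is part of the command string Puppet reports if the exec fails. The value is also interpolated unquoted, so a password containing whitespace would split into extra arguments. The exec has no `unless` or `refreshonly` guard, so it reruns on every apply. Where the installed htpasswd supports reading the password from stdin (`-i`), or where `/etc/nagios/passwd` can be managed as a `file` resource holding a pre-hashed entry, either would keep the secret off the command line.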


@ -1,9 +1,8 @@
$neutron_db_host = '%(CONFIG_MARIADB_HOST)s'
$neutron_db_name = '%(CONFIG_NEUTRON_L2_DBNAME)s'
$neutron_db_user = 'neutron'
$neutron_db_password = '%(CONFIG_NEUTRON_DB_PW)s'
$neutron_sql_connection = "mysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}"
$neutron_user_password = '%(CONFIG_NEUTRON_KS_PW)s'
$neutron_db_host = hiera('CONFIG_MARIADB_HOST')
$neutron_db_name = hiera('CONFIG_NEUTRON_L2_DBNAME')
$neutron_db_user = 'neutron'
$neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW')
$neutron_sql_connection = "mysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}"
$neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW')
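Review bot: `$neutron_sql_connection` splices `${neutron_db_password}` into the `mysql://` URI unescaped, so a password containing `@`, `:`, `/` or `%` produces a connection string that parses to a different user, host or database. The old template had the same shape, but the value is now read straight from the generated YAML, so the constraint should be enforced where CONFIG_NEUTRON_DB_PW is generated or the value percent-encoded before interpolation. At minimum I would add above the assignment: `# CONFIG_NEUTRON_DB_PW must be URL-safe: it is embedded unescaped in the URI below`.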


@ -1,17 +1,18 @@
class { 'neutron::server':
sql_connection => $neutron_sql_connection,
connection => $neutron_sql_connection,
auth_password => $neutron_user_password,
auth_host => '%(CONFIG_CONTROLLER_HOST)s',
enabled => true,
connection => $neutron_sql_connection,
auth_password => $neutron_user_password,
auth_host => hiera('CONFIG_CONTROLLER_HOST'),
enabled => true,
mysql_module => '2.2',
}
exec { 'neutron-db-manage upgrade':
command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head',
path => '/usr/bin',
user => 'neutron',
logoutput => 'on_failure',
before => Service['neutron-server'],
require => [Neutron_config['database/connection'], Neutron_config['DEFAULT/core_plugin']],
command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head',
path => '/usr/bin',
user => 'neutron',
logoutput => 'on_failure',
before => Service['neutron-server'],
require => [Neutron_config['database/connection'], Neutron_config['DEFAULT/core_plugin']],
}


@ -1,4 +1,5 @@
class { 'neutron::agents::dhcp':
interface_driver => '%(CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER)s',
debug => %(CONFIG_DEBUG_MODE)s,
interface_driver => hiera('CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'),
debug => hiera('CONFIG_DEBUG_MODE'),
}
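Review bot: `debug => hiera('CONFIG_DEBUG_MODE')` now takes whatever type the generated YAML holds, whereas the old template rendered a bare Puppet token. If the generator stores the string 'false' rather than a YAML boolean, Puppet treats it as a non-empty string, which evaluates as true in any conditional the receiving class applies, and debug logging could stay on unintentionally. The same lookup feeds `debug` in the l3, lbaas, metadata, metering and base `neutron` class sections below. I would confirm the value is a real boolean before the YAML dump and note it at the first use: `# CONFIG_DEBUG_MODE must be a YAML boolean, not the string 'true'/'false'`.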


@ -1,9 +1,9 @@
class { 'neutron::agents::l3':
interface_driver => '%(CONFIG_NEUTRON_L3_INTERFACE_DRIVER)s',
external_network_bridge => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s',
debug => %(CONFIG_DEBUG_MODE)s,
interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'),
external_network_bridge => hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE'),
debug => hiera('CONFIG_DEBUG_MODE'),
}
sysctl::value { 'net.ipv4.ip_forward':
value => '1'
value => '1',
}


@ -1,3 +1,3 @@
class {'neutron::agents::linuxbridge':
physical_interface_mappings => '%(CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS)s',
physical_interface_mappings => hiera('CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS'),
}


@ -1,4 +1,4 @@
class { 'neutron::plugins::linuxbridge':
tenant_network_type => '%(CONFIG_NEUTRON_LB_TENANT_NETWORK_TYPE)s',
network_vlan_ranges => '%(CONFIG_NEUTRON_LB_VLAN_RANGES)s',
tenant_network_type => hiera('CONFIG_NEUTRON_LB_TENANT_NETWORK_TYPE'),
network_vlan_ranges => hiera('CONFIG_NEUTRON_LB_VLAN_RANGES'),
}


@ -1,6 +1,6 @@
class { 'neutron::agents::lbaas':
interface_driver => '%(CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER)s',
interface_driver => hiera('CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'),
device_driver => 'neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver',
user_group => 'haproxy',
debug => %(CONFIG_DEBUG_MODE)s,
debug => hiera('CONFIG_DEBUG_MODE'),
}


@ -1,8 +1,10 @@
class {'neutron::agents::metadata':
auth_password => '%(CONFIG_NEUTRON_KS_PW)s',
auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0',
auth_region => '%(CONFIG_KEYSTONE_REGION)s',
shared_secret => '%(CONFIG_NEUTRON_METADATA_PW)s',
metadata_ip => '%(CONFIG_CONTROLLER_HOST)s',
debug => %(CONFIG_DEBUG_MODE)s,
$neutron_metadata_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
class { 'neutron::agents::metadata':
auth_password => hiera('CONFIG_NEUTRON_KS_PW'),
auth_url => "http://${neutron_metadata_cfg_ctrl_host}:35357/v2.0",
auth_region => hiera('CONFIG_KEYSTONE_REGION'),
shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW'),
metadata_ip => hiera('CONFIG_CONTROLLER_HOST'),
debug => hiera('CONFIG_DEBUG_MODE'),
}
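Review bot: `auth_url` is built with a fixed `http://` scheme, so the agent would present `auth_password` to Keystone without transport protection and the template cannot express a TLS endpoint. The same hard-coded scheme appears in `nova_url` and `nova_admin_auth_url` in the notifications section further down. If the configuration carries a protocol setting, derive the scheme from it; otherwise state the limitation next to the line, e.g. `# Keystone admin endpoint is plain HTTP here; credentials are not protected in transit`. Separately, `metadata_ip` repeats the hiera lookup although `$neutron_metadata_cfg_ctrl_host` already holds that value.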


@ -1,4 +1,4 @@
class { 'neutron::agents::metering':
interface_driver => '%(CONFIG_NEUTRON_METERING_IFCE_DRIVER)s',
debug => %(CONFIG_DEBUG_MODE)s,
interface_driver => hiera('CONFIG_NEUTRON_METERING_IFCE_DRIVER'),
debug => hiera('CONFIG_DEBUG_MODE'),
}


@ -1,17 +1,26 @@
if hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP') == '' {
$vxlan_group_value = undef
} else {
$vxlan_group_value = hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP')
}
class { 'neutron::plugins::ml2':
type_drivers => %(CONFIG_NEUTRON_ML2_TYPE_DRIVERS)s,
tenant_network_types => %(CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES)s,
mechanism_drivers => %(CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS)s,
flat_networks => %(CONFIG_NEUTRON_ML2_FLAT_NETWORKS)s,
network_vlan_ranges => %(CONFIG_NEUTRON_ML2_VLAN_RANGES)s,
tunnel_id_ranges => %(CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES)s,
vxlan_group => %(CONFIG_NEUTRON_ML2_VXLAN_GROUP)s,
vni_ranges => %(CONFIG_NEUTRON_ML2_VNI_RANGES)s,
type_drivers => hiera_array('CONFIG_NEUTRON_ML2_TYPE_DRIVERS'),
tenant_network_types => hiera_array('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'),
mechanism_drivers => hiera_array('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS'),
flat_networks => hiera_array('CONFIG_NEUTRON_ML2_FLAT_NETWORKS'),
network_vlan_ranges => hiera_array('CONFIG_NEUTRON_ML2_VLAN_RANGES'),
tunnel_id_ranges => hiera_array('CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES'),
vxlan_group => $vxlan_group_value,
vni_ranges => hiera_array('CONFIG_NEUTRON_ML2_VNI_RANGES'),
enable_security_group => true,
}
# For cases where "neutron-db-manage upgrade" command is called we need to fill config file first
# For cases where "neutron-db-manage upgrade" command is called
# we need to fill config file first
if defined(Exec['neutron-db-manage upgrade']) {
Neutron_plugin_ml2<||> -> File['/etc/neutron/plugin.ini'] -> Exec['neutron-db-manage upgrade']
Neutron_plugin_ml2<||> ->
File['/etc/neutron/plugin.ini'] ->
Exec['neutron-db-manage upgrade']
}


@ -1,9 +1,11 @@
$neutron_notif_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
# Configure nova notifications system
class { 'neutron::server::notifications':
nova_admin_username => 'nova',
nova_admin_password => '%(CONFIG_NOVA_KS_PW)s',
nova_admin_tenant_name => 'services',
nova_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8774/v2',
nova_admin_auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0',
nova_region_name => '%(CONFIG_KEYSTONE_REGION)s',
nova_admin_username => 'nova',
nova_admin_password => hiera('CONFIG_NOVA_KS_PW'),
nova_admin_tenant_name => 'services',
nova_url => "http://${neutron_notif_cfg_ctrl_host}:8774/v2",
nova_admin_auth_url => "http://${neutron_notif_cfg_ctrl_host}:35357/v2.0",
nova_region_name => hiera('CONFIG_KEYSTONE_REGION'),
}


@ -1,21 +1,23 @@
if "%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s" {
$iface = regsubst('%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s', '[\.\-\:]', '_', 'G')
$ovs_agent_gre_cfg_neut_ovs_tun_if = hiera('CONFIG_NEUTRON_OVS_TUNNEL_IF')
if $ovs_agent_gre_cfg_neut_ovs_tun_if != '' {
$iface = regsubst($ovs_agent_gre_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G')
$localip = inline_template("<%%= scope.lookupvar('::ipaddress_${iface}') %%>")
} else {
$localip = '%(CONFIG_NEUTRON_OVS_HOST)s'
$localip = $cfg_neutron_ovs_host
}
if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' {
if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' {
class { 'neutron::agents::ml2::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s,
bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
enable_tunneling => true,
tunnel_types => ['gre'],
local_ip => $localip,
l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s,
l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
}
} else {
class { 'neutron::agents::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s,
bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
enable_tunneling => true,
tunnel_types => ['gre'],
local_ip => $localip,
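Review bot: In the else branch, `$localip = $cfg_neutron_ovs_host` reads a variable that this template never assigns, whereas the old line substituted CONFIG_NEUTRON_OVS_HOST directly. Unless the generator prepends that assignment to the rendered manifest, `local_ip` ends up undef and the tunnel endpoint is left unset without any error. The vxlan agent template below has the same line. I would add at the top of both templates `# $cfg_neutron_ovs_host is set per host by the manifest generator before this fragment`, or fail early when it is empty. The class declaration continues past the end of this hunk.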


@ -1,12 +1,12 @@
if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' {
if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' {
class { 'neutron::agents::ml2::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s,
l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s,
bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
}
} else {
class { 'neutron::agents::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s,
bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
}
file { 'ovs_neutron_plugin.ini':


@ -1,12 +1,12 @@
if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' {
if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' {
class { 'neutron::agents::ml2::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s,
l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s,
bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
}
} else {
class { 'neutron::agents::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s,
bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
}
file { 'ovs_neutron_plugin.ini':


@ -1,27 +1,28 @@
$ovs_agent_vxlan_cfg_neut_ovs_tun_if = hiera('CONFIG_NEUTRON_OVS_TUNNEL_IF')
if "%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s" {
$iface = regsubst('%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s', '[\.\-\:]', '_', 'G')
if $ovs_agent_vxlan_cfg_neut_ovs_tun_if != '' {
$iface = regsubst($ovs_agent_vxlan_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G')
$localip = inline_template("<%%= scope.lookupvar('::ipaddress_${iface}') %%>")
} else {
$localip = '%(CONFIG_NEUTRON_OVS_HOST)s'
$localip = $cfg_neutron_ovs_host
}
if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' {
if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' {
class { 'neutron::agents::ml2::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s,
bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
enable_tunneling => true,
tunnel_types => ['vxlan'],
local_ip => $localip,
vxlan_udp_port => %(CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT)s,
l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s,
vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'),
l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
}
} else {
class { 'neutron::agents::ovs':
bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s,
bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'),
enable_tunneling => true,
tunnel_types => ['vxlan'],
local_ip => $localip,
vxlan_udp_port => %(CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT)s,
vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'),
}
file { 'ovs_neutron_plugin.ini':
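Review bot: `$iface` is interpolated into Ruby source that `inline_template` evaluates, and `regsubst` only rewrites `.`, `-` and `:`, so any other character in CONFIG_NEUTRON_OVS_TUNNEL_IF reaches the ERB expression unchanged; the gre agent template above does the same. The value comes from the installer configuration, so this is hardening rather than a reported bug. An allow-list check before the template call closes it: `validate_re($iface, '^[A-Za-z0-9_]+$')`. The `file { 'ovs_neutron_plugin.ini':` resource continues outside the hunk.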


@ -1,10 +1,14 @@
if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' {
$ovs_bridge_cfg_neut_l2_plugin = hiera('CONFIG_NEUTRON_L2_PLUGIN')
if $ovs_bridge_cfg_neut_l2_plugin == 'ml2' {
$agent_service = 'neutron-ovs-agent-service'
} else {
$agent_service = 'neutron-plugin-ovs-service'
}
vs_bridge { '%(CONFIG_NEUTRON_OVS_BRIDGE)s':
$config_neutron_ovs_bridge = hiera('CONFIG_NEUTRON_OVS_BRIDGE')
vs_bridge { $config_neutron_ovs_bridge:
ensure => present,
require => Service["${agent_service}"]
require => Service[$agent_service],
}


@ -1,5 +1,5 @@
class { 'neutron::plugins::ovs':
tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s',
network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s',
tunnel_id_ranges => '%(CONFIG_NEUTRON_OVS_TUNNEL_RANGES)s',
tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'),
network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'),
tunnel_id_ranges => hiera('CONFIG_NEUTRON_OVS_TUNNEL_RANGES'),
}


@ -1,4 +1,4 @@
class { 'neutron::plugins::ovs':
tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s',
network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s',
tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'),
network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'),
}


@ -1,4 +1,4 @@
class { 'neutron::plugins::ovs':
tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s',
network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s',
tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'),
network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'),
}


@ -1,7 +1,7 @@
class { 'neutron::plugins::ovs':
tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s',
network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s',
tunnel_id_ranges => '%(CONFIG_NEUTRON_OVS_TUNNEL_RANGES)s',
vxlan_udp_port => %(CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT)s,
tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'),
network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'),
tunnel_id_ranges => hiera('CONFIG_NEUTRON_OVS_TUNNEL_RANGES'),
vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'),
}


@ -1,5 +1,7 @@
vs_port { '%(CONFIG_NEUTRON_OVS_IFACE)s':
bridge => '%(CONFIG_NEUTRON_OVS_BRIDGE)s',
ensure => present
$cfg_neutron_ovs_iface = hiera('CONFIG_NEUTRON_OVS_IFACE')
vs_port { $cfg_neutron_ovs_iface:
ensure => present,
bridge => hiera('CONFIG_NEUTRON_OVS_BRIDGE'),
}


@ -1,14 +1,14 @@
class { 'neutron':
rpc_backend => 'neutron.openstack.common.rpc.impl_qpid',
qpid_hostname => '%(CONFIG_AMQP_HOST)s',
qpid_username => '%(CONFIG_AMQP_AUTH_USER)s',
qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s',
qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s',
core_plugin => '%(CONFIG_NEUTRON_CORE_PLUGIN)s',
qpid_hostname => hiera('CONFIG_AMQP_HOST'),
qpid_username => hiera('CONFIG_AMQP_AUTH_USER'),
qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'),
core_plugin => hiera('CONFIG_NEUTRON_CORE_PLUGIN'),
allow_overlapping_ips => true,
service_plugins => %(SERVICE_PLUGINS)s,
service_plugins => hiera_array('SERVICE_PLUGINS'),
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
debug => hiera('CONFIG_DEBUG_MODE'),
}


@ -1,12 +1,12 @@
class { 'neutron':
rabbit_host => '%(CONFIG_AMQP_HOST)s',
rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s',
rabbit_user => '%(CONFIG_AMQP_AUTH_USER)s',
rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s',
core_plugin => '%(CONFIG_NEUTRON_CORE_PLUGIN)s',
rabbit_host => hiera('CONFIG_AMQP_HOST'),
rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
rabbit_user => hiera('CONFIG_AMQP_AUTH_USER'),
rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
core_plugin => hiera('CONFIG_NEUTRON_CORE_PLUGIN'),
allow_overlapping_ips => true,
service_plugins => %(SERVICE_PLUGINS)s,
service_plugins => hiera_array('SERVICE_PLUGINS'),
verbose => true,
debug => %(CONFIG_DEBUG_MODE)s,
debug => hiera('CONFIG_DEBUG_MODE'),
}


@ -1,10 +1,10 @@
require 'keystone::python'
class {"nova::api":
enabled => true,
auth_host => "%(CONFIG_CONTROLLER_HOST)s",
admin_password => "%(CONFIG_NOVA_KS_PW)s",
neutron_metadata_proxy_shared_secret => %(CONFIG_NEUTRON_METADATA_PW_UNQUOTED)s
class { 'nova::api':
enabled => true,
auth_host => hiera('CONFIG_CONTROLLER_HOST'),
admin_password => hiera('CONFIG_NOVA_KS_PW'),
neutron_metadata_proxy_shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW_UNQUOTED'),
}
Package<| title == 'nova-common' |> -> Class['nova::api']
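Review bot: `neutron_metadata_proxy_shared_secret` now reads CONFIG_NEUTRON_METADATA_PW_UNQUOTED through hiera(), while the old template pasted that value in as a raw Puppet token. If the generator still stores a pre-quoted string or the literal text `undef` under that key, nova would get a secret that differs from the `shared_secret` the neutron metadata agent reads from CONFIG_NEUTRON_METADATA_PW, or a fixed, guessable string. I would confirm what the key holds after this change. If it is now the plain password, both sides should read one key, with a comment such as `# must match neutron::agents::metadata shared_secret`.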
