diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e06d208 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/README.md b/README.md new file mode 100644 index 0000000..f8f8756 --- /dev/null +++ b/README.md @@ -0,0 +1,6 @@ +fuel-plugin-designate +============ + +Plugin description: + +This is Fuel Plugin for Designate used in Fuel Environment for deploying Designate diff --git a/deployment_scripts/puppet/manifests/db.pp b/deployment_scripts/puppet/manifests/db.pp new file mode 100644 index 0000000..f94be89 --- /dev/null +++ b/deployment_scripts/puppet/manifests/db.pp @@ -0,0 +1,56 @@ +notice('MODULAR: designate/db.pp') + +$node_name = hiera('node_name') + +$designate_hash = hiera_hash('fuel-plugin-designate', $default_fuel_plugin_designate) +$mysql_hash = hiera_hash('mysql_hash', {}) + +$designate_enabled = pick($designate_hash['metadata']['enabled'], false) +$database_vip = hiera('database_vip') + +$mysql_root_user = pick($mysql_hash['root_user'], 'root') +$mysql_db_create = pick($mysql_hash['db_create'], true) +$mysql_root_password = $mysql_hash['root_password'] + +$db_user = pick($designate_hash['metadata']['db_user'], 'designate') +$db_name = pick($designate_hash['metadata']['db_name'], 'designate') +$db_password = pick($designate_hash['metadata']['db_password'], $mysql_root_password) + +$db_host = pick($designate_hash['metadata']['db_host'], $database_vip) +$db_create = pick($designate_hash['metadata']['db_create'], $mysql_db_create) +$db_root_user = pick($designate_hash['metadata']['root_user'], $mysql_root_user) +$db_root_password = pick($designate_hash['metadata']['root_password'], $mysql_root_password) + +$allowed_hosts = [ $node_name, 'localhost', '127.0.0.1', '%' ] + +validate_string($mysql_root_user) + +if $designate_enabled and $db_create { + + class { 'galera::client': + custom_setup_class => hiera('mysql_custom_setup_class', 'galera'), + } + + class { 'designate::db::mysql': + user => $db_user, + password => $db_password, + dbname => $db_name, + allowed_hosts => $allowed_hosts, + } + + class { 'osnailyfacter::mysql_access': + db_host => $db_host, + db_user => $db_root_user, + db_password => $db_root_password, + } + + Class['galera::client'] -> + Class['osnailyfacter::mysql_access'] -> + Class['designate::db::mysql'] + +} + +class mysql::config {} +include mysql::config +class mysql::server {} +include mysql::server diff --git a/deployment_scripts/puppet/manifests/designate.pp b/deployment_scripts/puppet/manifests/designate.pp new file mode 100644 index 0000000..58c0edc --- /dev/null +++ b/deployment_scripts/puppet/manifests/designate.pp @@ -0,0 +1,79 @@ +notice('MODULAR: designate/designate.pp') + +$designate_hash = hiera_hash('fuel-plugin-designate', {}) +$public_vip = hiera('public_vip') +$management_vip = hiera('management_vip') +$database_vip = hiera('database_vip', $management_vip) +$public_ssl_hash = hiera('public_ssl') +$mysql_hash = hiera_hash('mysql_hash', {}) + +$network_metadata = hiera_hash('network_metadata', {}) + +$public_address = $public_ssl_hash['services'] ? { + true => $public_ssl_hash['hostname'], + default => $public_vip, +} +$public_protocol = $public_ssl_hash['services'] ? { + true => 'https', + default => 'http', +} + +$debug = hiera('debug', true) +$verbose = hiera('verbose', true) +$rabbit_hash = hiera_hash('rabbit_hash', {}) +$rabbit_ha_queues = hiera('rabbit_ha_queues') +$amqp_hosts = hiera('amqp_hosts') +$rabbit_hosts = split($amqp_hosts, ',') + +$db_host = pick($designate_hash['metadata']['db_host'], $database_vip) +$db_user = pick($designate_hash['metadata']['db_user'], 'designate') +$db_name = pick($designate_hash['metadata']['db_name'], 'designate') +$db_password = pick($designate_hash['metadata']['db_password'], 'designate') +$database_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?charset=utf8&read_timeout=60" + +$designate_auth_strategy = "keystone" +$keystone_endpoint = hiera('service_endpoint', $management_vip) +$designate_tenant = pick($designate_hash['metadata']['tenant'],'services') +$designate_user = pick($designate_hash['metadata']['user'],'designate') +$designate_user_password = pick($designate_hash['metadata']['user_password'],'designate') +$enable_api_v2 = hiera('enable_api_v2', true) + +if $designate_hash['metadata']['enabled'] { + class { 'designate': + verbose => $verbose, + debug => $debug, + rabbit_hosts => $rabbit_hosts, + rabbit_port => $rabbit_port, + rabbit_userid => $rabbit_hash['user'], + rabbit_password => $rabbit_hash['password'], + } + + class { 'designate::agent': } + + class { 'designate::db': + database_connection => $database_connection, + } + + class { 'designate::client': } + + class { 'designate::api': + auth_strategy => $designate_auth_strategy, + keystone_host => $keystone_endpoint, + keystone_protocol => $public_protocol, + keystone_tenant => $designate_tenant, + keystone_user => $designate_user, + keystone_password => $designate_user_password, + enable_api_v2 => $enable_api_v2, + } + + class { 'designate::sink': } + + class { 'designate::central': } + + firewall { '207 designate-api' : + dport => '9001', + proto => 'tcp', + action => 'accept', + } + +} diff --git a/deployment_scripts/puppet/manifests/haproxy.pp b/deployment_scripts/puppet/manifests/haproxy.pp new file mode 100644 index 0000000..92685bd --- /dev/null +++ b/deployment_scripts/puppet/manifests/haproxy.pp @@ -0,0 +1,38 @@ +notice('MODULAR: designate/haproxy.pp') + +$designate_hash = hiera_hash('fuel-plugin-designate', {}) +$public_ssl_hash = hiera('public_ssl') +$network_metadata = hiera_hash('network_metadata') + +$use_designate = pick($designate_hash['metadata']['enabled'], true) + + +$designate_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['designate']), 'designate/api') + +if ($use_designate) { + $server_names = pick(hiera_array('designate_names', undef), + keys($designate_address_map)) + $ipaddresses = pick(hiera_array('designate_ipaddresses', undef), + values($designate_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + + # configure designate ha proxy + Openstack::Ha::Haproxy_service { + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public => true, + public_ssl => $public_ssl_hash['services'], + haproxy_config_options => { + option => ['httpchk GET /', 'httplog','httpclose'], + }, + } + + openstack::ha::haproxy_service { 'designate-api': + order => '230', + listen_port => 9001, + internal_virtual_ip => $internal_virtual_ip, + } + +} diff --git a/deployment_scripts/puppet/manifests/keystone.pp b/deployment_scripts/puppet/manifests/keystone.pp new file mode 100644 index 0000000..7bea609 --- /dev/null +++ b/deployment_scripts/puppet/manifests/keystone.pp @@ -0,0 +1,36 @@ +notice('MODULAR: designate/keystone.pp') + +$designate_hash = hiera_hash('fuel-plugin-designate', {}) +$public_ip = hiera('public_vip') +$management_ip = hiera('management_vip') +$public_ssl = hiera('public_ssl') +$region = hiera('region', 'RegionOne') + + +$public_protocol = $public_ssl['services'] ? { + true => 'https', + default => 'http', +} + +$public_address = $public_ssl['services'] ? { + true => $public_ssl['hostname'], + default => $public_ip, +} + +$api_bind_port = '9001' + +$tenant = pick($designate_hash['metadata']['tenant'], 'services') +$public_url = "${public_protocol}://${public_address}:${api_bind_port}" +$admin_url = "http://${management_ip}:${api_bind_port}" + +################################################################# + +class { 'designate::keystone::auth': + password => $designate_hash['metadata']['user_password'], + service_type => 'dns', + region => $region, + tenant => $tenant, + public_url => $public_url, + admin_url => $admin_url, + internal_url => $admin_url, +} diff --git a/deployment_scripts/puppet/modules/designate/.gitignore b/deployment_scripts/puppet/modules/designate/.gitignore new file mode 100644 index 0000000..9af82ca --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/.gitignore @@ -0,0 +1,6 @@ +Gemfile.lock +spec/fixtures/modules/* +spec/fixtures/manifests/site.pp +*.swp +pkg +openstack/ diff --git a/deployment_scripts/puppet/modules/designate/.gitreview b/deployment_scripts/puppet/modules/designate/.gitreview new file mode 100644 index 0000000..1f00d47 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/.gitreview @@ -0,0 +1,4 @@ +[gerrit] +host=review.openstack.org +port=29418 +project=openstack/puppet-designate.git diff --git a/deployment_scripts/puppet/modules/designate/CHANGELOG.md b/deployment_scripts/puppet/modules/designate/CHANGELOG.md new file mode 100644 index 0000000..18cce70 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/CHANGELOG.md @@ -0,0 +1,12 @@ +##2015-10-10 - 6.1.0 +###Summary + +This is a maintenance release in the Kilo series. + +####Maintenance +- acceptance: checkout stable/kilo puppet modules + +##2015-07-08 - 6.0.0 +###Summary + +- Initial release of the puppet-designate module diff --git a/deployment_scripts/puppet/modules/designate/Gemfile b/deployment_scripts/puppet/modules/designate/Gemfile new file mode 100644 index 0000000..eed3fb1 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/Gemfile @@ -0,0 +1,35 @@ +source 'https://rubygems.org' + +group :development, :test do + gem 'puppetlabs_spec_helper', :require => false + gem 'rspec-puppet', '~> 2.1.0', :require => false + + gem 'metadata-json-lint' + gem 'puppet-lint-param-docs' + gem 'puppet-lint-absolute_classname-check' + gem 'puppet-lint-absolute_template_path' + gem 'puppet-lint-trailing_newline-check' + + # Puppet 4.x related lint checks + gem 'puppet-lint-unquoted_string-check' + gem 'puppet-lint-leading_zero-check' + gem 'puppet-lint-variable_contains_upcase' + gem 'puppet-lint-numericvariable' + + gem 'beaker-rspec', :require => false + gem 'beaker-puppet_install_helper', :require => false + gem 'json' + gem 'webmock' +end + +group :system_tests do + gem 'r10k', :require => 'false' +end + +if puppetversion = ENV['PUPPET_GEM_VERSION'] + gem 'puppet', puppetversion, :require => false +else + gem 'puppet', :require => false +end + +# vim:ft=ruby diff --git a/deployment_scripts/puppet/modules/designate/LICENSE b/deployment_scripts/puppet/modules/designate/LICENSE new file mode 100644 index 0000000..8961ce8 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/LICENSE @@ -0,0 +1,15 @@ +Copyright (C) 2012 Puppet Labs Inc + +Puppet Labs can be contacted at: info@puppetlabs.com + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/deployment_scripts/puppet/modules/designate/README.md b/deployment_scripts/puppet/modules/designate/README.md new file mode 100644 index 0000000..2a97ed2 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/README.md @@ -0,0 +1,101 @@ +puppet-designate +================ + +6.1.0 - 2015.1 - Kilo + +#### Table of Contents + +1. [Overview - What is the designate module?](#overview) +2. [Module Description - What does the module do?](#module-description) +3. [Setup - The basics of getting started with designate](#setup) +4. [Implementation - An under-the-hood peek at what the module is doing](#implementation) +5. [Limitations - OS compatibility, etc.](#limitations) +6. [Development - Guide for contributing to the module](#development) +7. [Contributors - Those with commits](#contributors) +8. [Release Notes - Notes on the most recent updates to the module](#release-notes) + +Overview +-------- + +The designate module is a part of [OpenStack](https://github.com/openstack), an effort by the Openstack infrastructure team to provide continuous integration testing and code review for Openstack and Openstack community projects as part of the core software. The module itself is used to flexibly configure and manage the DNS service for Openstack. + +Module Description +------------------ + +Setup +----- + +**What the designate module affects:** + +* designate, the DNS service for Openstack. + +Implementation +-------------- + +### designate + +designate is a combination of Puppet manifest and ruby code to delivery configuration and extra functionality through types and providers. + +Limitations +----------- + +None. + +Beaker-Rspec +------------ + +This module has beaker-rspec tests + +To run: + +``shell +bundle install +bundle exec rspec spec/acceptance +`` + +Development +----------- + +Developer documentation for the entire puppet-openstack project. + +* https://wiki.openstack.org/wiki/Puppet-openstack#Developer_documentation + +WORK IN PROGRESS +---------------- + +✓ Basic structure +✓ DB +✓ Keystone (Users, Services, Endpoints) +✓ Client +✓ designate-api +✓ designate-central +✗ designate-agent (in progress) +✗ designate-sink (in progress) +✓ An example of site.pp +✓ Write Tests + +Setup +----- + +### Get Prepared for Deployment + +#### Debian/Ubuntu + +* Debian testing (jessie) include all designate packages. +* Ubuntu utopic is the minimum requirement for Ubuntu deployment. + +#### RedHat + +* Currently there is no available RPM packages for use, you need to package it from source. + * First, clone the spec file from https://github.com/NewpTone/designate-spec.git + * Then, clone the source file from https://github.com/openstack/designate.git + * Last, use rpmbuild to package it. + +Contributors +------------ + +* https://github.com/openstack/puppet-designate/graphs/contributors + +Release Notes +------------- + diff --git a/deployment_scripts/puppet/modules/designate/Rakefile b/deployment_scripts/puppet/modules/designate/Rakefile new file mode 100644 index 0000000..1931049 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/Rakefile @@ -0,0 +1,71 @@ +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' +require 'json' + +PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.send('disable_names_containing_dash') +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_class_parameter_defaults') + +modname = JSON.parse(open('metadata.json').read)['name'].split('-')[1] + +Rake::Task[:spec_prep].clear +desc 'Create the fixtures directory' +task :spec_prep do + # Allow to test the module with custom dependencies + # like you could do with .fixtures file + if ENV['PUPPETFILE'] + puppetfile = ENV['PUPPETFILE'] + if ENV['GEM_HOME'] + gem_home = ENV['GEM_HOME'] + gem_bin_dir = "#{gem_home}" + '/bin/' + else + gem_bin_dir = '' + end + r10k = ['env'] + r10k += ["PUPPETFILE=#{puppetfile}"] + r10k += ["PUPPETFILE_DIR=#{Dir.pwd}/spec/fixtures/modules"] + r10k += ["#{gem_bin_dir}r10k"] + r10k += ['puppetfile', 'install', '-v'] + sh(*r10k) + else + # otherwise, use official OpenStack Puppetfile + zuul_ref = ENV['ZUUL_REF'] + zuul_branch = ENV['ZUUL_BRANCH'] + zuul_url = ENV['ZUUL_URL'] + repo = 'openstack/puppet-openstack-integration' + rm_rf(repo) + if File.exists?('/usr/zuul-env/bin/zuul-cloner') + zuul_clone_cmd = ['/usr/zuul-env/bin/zuul-cloner'] + zuul_clone_cmd += ['--cache-dir', '/opt/git'] + zuul_clone_cmd += ['--zuul-ref', "#{zuul_ref}"] + zuul_clone_cmd += ['--zuul-branch', "#{zuul_branch}"] + zuul_clone_cmd += ['--zuul-url', "#{zuul_url}"] + zuul_clone_cmd += ['git://git.openstack.org', "#{repo}"] + sh(*zuul_clone_cmd) + else + sh("git clone https://git.openstack.org/#{repo} -b stable/kilo #{repo}") + end + script = ['env'] + script += ["PUPPETFILE_DIR=#{Dir.pwd}/spec/fixtures/modules"] + script += ["ZUUL_REF=#{zuul_ref}"] + script += ["ZUUL_BRANCH=#{zuul_branch}"] + script += ["ZUUL_URL=#{zuul_url}"] + script += ['bash', "#{repo}/install_modules_unit.sh"] + sh(*script) + end + rm_rf("spec/fixtures/modules/#{modname}") + ln_s(Dir.pwd, "spec/fixtures/modules/#{modname}") + mkdir_p('spec/fixtures/manifests') + touch('spec/fixtures/manifests/site.pp') +end + +Rake::Task[:spec_clean].clear +desc 'Clean up the fixtures directory' +task :spec_clean do + rm_rf('spec/fixtures/modules') + rm_rf('openstack') + if File.zero?('spec/fixtures/manifests/site.pp') + rm_f('spec/fixtures/manifests/site.pp') + end +end diff --git a/deployment_scripts/puppet/modules/designate/example/all-in-one-keystone.pp b/deployment_scripts/puppet/modules/designate/example/all-in-one-keystone.pp new file mode 100644 index 0000000..7b67b7d --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/example/all-in-one-keystone.pp @@ -0,0 +1,91 @@ +# designate server-create --name designate.example.net. +# designate domain-create --name example.net. --email root@example.net +# designate record-create --type A --name www.example.net. --data 127.0.0.1 +# designate record-list +# dig www.example.net @127.0.0.1 +short +# +node /designate/ { + + include '::apt' + include '::rabbitmq' + include '::mysql::server' + + # Keystone parameters + $keystone_db_host = '127.0.0.1' + $keystone_password = 'design1tepwd' + $keystone_db_password = 'admin' + $keystone_admin_token = '09ebe37c-60e6-11e4-9663-63d2e0838999' + + # This example would install designate api + # designate central service and designate backend (bind) + $rabbit_host = '127.0.0.1' + $rabbit_userid = 'guest' + $rabbit_password = 'guest' + $auth_strategy = 'keystone' + $backend_driver = 'bind9' + $designate_db_password = 'admin' + $db_host = '127.0.0.1' + + # == Keystone == # + class { '::keystone::db::mysql': + password => $keystone_db_password, + allowed_hosts => '%', + } + + class { '::keystone': + verbose => true, + validate_service => true, + catalog_type => 'sql', + enable_pki_setup => false, + admin_token => $keystone_admin_token, + token_provider => 'keystone.token.providers.uuid.Provider', + token_driver => 'keystone.token.backends.sql.Token', + database_connection => "mysql://keystone:${keystone_db_password}@${keystone_db_host}/keystone", + } + + ## Adds the admin credential to keystone. + class { '::keystone::roles::admin': + email => 'admin@example.com', + password => $keystone_password, + admin_tenant => 'admin', + } + + ## Installs the service user endpoint. + class { '::keystone::endpoint': } + + + # == Designate == # + class {'::designate::db::mysql': + password => $designate_db_password, + } + + class {'::designate': + rabbit_host => $rabbit_host, + rabbit_userid => $rabbit_userid, + rabbit_password => $rabbit_password, + } + + class {'::designate::db': + database_connection => "mysql://designate:${designate_db_password}@${db_host}/designate" + } + + include '::designate::client' + class {'::designate::api': + auth_strategy => $auth_strategy, + keystone_password => $keystone_password, + } + + class {'::designate::central': + backend_driver => $backend_driver, + } + + include '::designate::dns' + class {'::designate::backend::bind9': + rndc_config_file => '', + rndc_key_file => '', + } + + class {'::designate::keystone::auth': + password => $keystone_password, + } +} diff --git a/deployment_scripts/puppet/modules/designate/example/all-in-one-noauth.pp b/deployment_scripts/puppet/modules/designate/example/all-in-one-noauth.pp new file mode 100644 index 0000000..c949b5e --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/example/all-in-one-noauth.pp @@ -0,0 +1,42 @@ +node /designate/ { + + include '::apt' + include '::rabbitmq' + include '::mysql::server' + + # This example would install designate api and designate central service + $rabbit_host = '127.0.0.1' + $rabbit_userid = 'guest' + $rabbit_password = 'guest' + $auth_strategy = 'noauth' + $backend_driver = 'bind9' + $designate_db_password = 'admin' + $db_host = '127.0.0.1' + + + include '::designate::dns' + include '::designate::backend::bind9' + + class {'::designate::db::mysql': + password => $designate_db_password, + } + + + class {'::designate': + rabbit_host => $rabbit_host, + rabbit_userid => $rabbit_userid, + rabbit_password => $rabbit_password, + } + + class {'::designate::db': + database_connection => "mysql://designate:${designate_db_password}@${db_host}/designate" + } + + class {'::designate::api': + auth_strategy => $auth_strategy, + } + + class {'::designate::central': + backend_driver => $backend_driver, + } +} diff --git a/deployment_scripts/puppet/modules/designate/lib/puppet/provider/designate_api_paste_ini/ini_setting.rb b/deployment_scripts/puppet/modules/designate/lib/puppet/provider/designate_api_paste_ini/ini_setting.rb new file mode 100644 index 0000000..440466f --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/lib/puppet/provider/designate_api_paste_ini/ini_setting.rb @@ -0,0 +1,22 @@ +Puppet::Type.type(:designate_api_paste_ini).provide( + :ini_setting, + :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +) do + + def section + resource[:name].split('/', 2).first + end + + def setting + resource[:name].split('/', 2).last + end + + def separator + '=' + end + + def self.file_path + '/etc/designate/api-paste.ini' + end + +end diff --git a/deployment_scripts/puppet/modules/designate/lib/puppet/provider/designate_config/ini_setting.rb b/deployment_scripts/puppet/modules/designate/lib/puppet/provider/designate_config/ini_setting.rb new file mode 100644 index 0000000..85a8b8e --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/lib/puppet/provider/designate_config/ini_setting.rb @@ -0,0 +1,22 @@ +Puppet::Type.type(:designate_config).provide( + :ini_setting, + :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +) do + + def section + resource[:name].split('/', 2).first + end + + def setting + resource[:name].split('/', 2).last + end + + def separator + '=' + end + + def file_path + '/etc/designate/designate.conf' + end + +end diff --git a/deployment_scripts/puppet/modules/designate/lib/puppet/type/designate_api_paste_ini.rb b/deployment_scripts/puppet/modules/designate/lib/puppet/type/designate_api_paste_ini.rb new file mode 100644 index 0000000..6dd6d98 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/lib/puppet/type/designate_api_paste_ini.rb @@ -0,0 +1,43 @@ +Puppet::Type.newtype(:designate_api_paste_ini) do + + ensurable + + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from designate/paste-api.ini' + newvalues(/\S+\/\S+/) + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + munge do |value| + value = value.to_s.strip + value.capitalize! if value =~ /^(true|false)$/i + value + end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false + end + +end diff --git a/deployment_scripts/puppet/modules/designate/lib/puppet/type/designate_config.rb b/deployment_scripts/puppet/modules/designate/lib/puppet/type/designate_config.rb new file mode 100644 index 0000000..7a45809 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/lib/puppet/type/designate_config.rb @@ -0,0 +1,43 @@ +Puppet::Type.newtype(:designate_config) do + + ensurable + + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from designate.conf' + newvalues(/\S+\/\S+/) + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + munge do |value| + value = value.to_s.strip + value.capitalize! if value =~ /^(true|false)$/i + value + end + newvalues(/^[\S ]*$/) + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false + end +end diff --git a/deployment_scripts/puppet/modules/designate/manifests/agent.pp b/deployment_scripts/puppet/modules/designate/manifests/agent.pp new file mode 100644 index 0000000..2e7a7ed --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/agent.pp @@ -0,0 +1,56 @@ +# == Class designate::agent +# +# Configure designate agent service +# +# == Parameters +# +# [*package_ensure*] +# (optional) The state of the package +# Defaults to 'present' +# +# [*agent_package_name*] +# (optional) Name of the package containing agent resources +# Defaults to agent_package_name from designate::params +# +# [*enabled*] +# (optional) Whether to enable services. +# Defaults to true +# +# [*service_ensure*] +# (optional) Whether the designate agent service will be running. +# Defaults to 'running' +# +# [*backend_driver*] +# (optional) Driver used for backend communication (fake, rpc, bind9, powerdns) +# Defaults to 'bind9' +# +class designate::agent ( + $package_ensure = present, + $agent_package_name = undef, + $enabled = true, + $service_ensure = 'running', + $backend_driver = 'bind9', +) { + include ::designate::params + + package { 'designate-agent': + ensure => $package_ensure, + name => pick($agent_package_name, $::designate::params::agent_package_name), + tag => 'openstack', + } + + Designate_config<||> ~> Service['designate-agent'] + Package['designate-agent'] -> Designate_config<||> + + service { 'designate-agent': + ensure => $service_ensure, + name => $::designate::params::agent_service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + } + + designate_config { + 'service:agent/backend_driver' : value => $backend_driver; + } +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/api.pp b/deployment_scripts/puppet/modules/designate/manifests/api.pp new file mode 100644 index 0000000..224fb17 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/api.pp @@ -0,0 +1,112 @@ +# == Class designate::api +# +# Configure designate API service +# +# == Parameters +# +# [*package_ensure*] +# (optional) The state of the package +# Defaults to 'present' +# +# [*api_package_name*] +# (optional) Name of the package containing api resources +# Defaults to api_package_name from designate::params +# +# [*enabled*] +# (optional) Whether to enable services. +# Defaults to true +# +# [*service_ensure*] +# (optional) Whether the designate api service will be running. +# Defaults to 'running' +# +# [*auth_strategy*] +# (optional) Authentication strategy to use, can be either "noauth" or "keystone" +# Defaults to 'noauth' +# +# [*keystone_host*] +# (optional) Host running auth service. +# Defaults to '127.0.0.1' +# +# [*keystone_port*] +# (optional) Port to use for auth service on auth_host. +# Defaults to '35357' +# +# [*keystone_protocol*] +# (optional) Protocol to use for auth. +# Defaults to 'http' +# +# [*keystone_tenant*] +# (optional) Tenant to authenticate to. +# Defaults to 'services' +# +# [*keystone_user*] +# (optional) User to authenticate as with keystone. +# Defaults to 'designate' +# +# [*keystone_password*] +# (optional) Password used to authentication. +# Defaults to false +# +# [*enable_api_v1*] +# (optional) Enable Designate API Version 1 +# Defaults to true +# +# [*enable_api_v2*] +# (optional) Enable Designate API Version 2 (experimental) +# Defaults to false +# +class designate::api ( + $package_ensure = present, + $api_package_name = undef, + $enabled = true, + $service_ensure = 'running', + $auth_strategy = 'noauth', + $keystone_host = '127.0.0.1', + $keystone_port = '35357', + $keystone_protocol = 'http', + $keystone_tenant = 'services', + $keystone_user = 'designate', + $keystone_password = false, + $enable_api_v1 = true, + $enable_api_v2 = false, +){ + include ::designate::params + + package { 'designate-api': + ensure => $package_ensure, + name => pick($api_package_name, $::designate::params::api_package_name), + tag => 'openstack', + } + + Designate_config<||> ~> Service['designate-api'] + Package['designate-api'] -> Designate_config<||> + + service { 'designate-api': + ensure => $service_ensure, + name => $::designate::params::api_service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + require => Class['::designate::db'], + subscribe => Exec['designate-dbsync'] + } + + # API Service + designate_config { + 'service:api/auth_strategy' : value => $auth_strategy; + 'service:api/enable_api_v1' : value => $enable_api_v1; + 'service:api/enable_api_v2' : value => $enable_api_v2; + } + + # Keystone Middleware + designate_config { + 'keystone_authtoken/auth_host' : value => $keystone_host; + 'keystone_authtoken/auth_port' : value => $keystone_port; + 'keystone_authtoken/auth_protocol' : value => $keystone_protocol; + 'keystone_authtoken/admin_tenant_name' : value => $keystone_tenant; + 'keystone_authtoken/admin_user' : value => $keystone_user; + 'keystone_authtoken/admin_password' : value => $keystone_password, secret => true; + } + +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/backend/bind9.pp b/deployment_scripts/puppet/modules/designate/manifests/backend/bind9.pp new file mode 100644 index 0000000..4d5e9e1 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/backend/bind9.pp @@ -0,0 +1,58 @@ +# == Class designate::backend::bind9 +# +# Configure bind9 as backend +# +# == Parameters +# +# [*rndc_config_file*] +# (optional) Location of the rndc configuration file. +# Defaults to '/etc/rndc.conf' +# +# [*rndc_key_file*] +# (optional) Location of the rndc key file. +# Defaults to '/etc/rndc.key' +# +# [*rndc_host*] +# (optional) Host running DNS service. +# Defaults to '127.0.0.1' +# +# [*rndc_port*] +# (optional) Port to use for dns service on rndc_host. +# Defaults to '953' +# +class designate::backend::bind9 ( + $rndc_host = '127.0.0.1', + $rndc_port = '953', + $rndc_config_file = '/etc/rndc.conf', + $rndc_key_file = '/etc/rndc.key' +) { + include ::designate + include ::dns + + designate_config { + 'backend:bind9/rndc_host' : value => $rndc_host; + 'backend:bind9/rndc_port' : value => $rndc_port; + 'backend:bind9/rndc_config_file' : value => $rndc_config_file; + 'backend:bind9/rndc_key_file' : value => $rndc_key_file; + } + + file_line {'dns allow-new-zones': + ensure => present, + path => "${::dns::params::namedconf_path}.options", + line => 'allow-new-zones yes;', + require => Class['::designate'], + } + + Class['::dns'] -> User['designate'] + User<| title == 'designate' |> { + groups +> $::dns::params::group, + } + + file { '/var/lib/designate': + ensure => directory, + owner => 'designate', + group => $::dns::params::group, + mode => '0750', + } + +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/backend/powerdns.pp b/deployment_scripts/puppet/modules/designate/manifests/backend/powerdns.pp new file mode 100644 index 0000000..77bf711 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/backend/powerdns.pp @@ -0,0 +1,57 @@ +# == Class designate::backend::powerdns +# +# Install PowerDNS and configure Designate to use it as a backend. This does +# not configure PowerDNS itself since that is expected to be very environment +# specific. +# +# == Parameters +# +# [*database_connection*] +# (required) The connection string. format: +# [driver]://[user]:[password]@[host]/[database] +# +# [*use_db_reconnect*] +# (optional) Whether or not to automatically reconnect and retry transactions. +# Defaults to true +# +class designate::backend::powerdns ( + $database_connection, + $use_db_reconnect = true, +) { + include ::designate + include ::powerdns + include ::powerdns::mysql + + # The Ubuntu packages install several example config files in here, but only + # one of them can exist, since they all load different powerdns backends. We + # purge all others so that powerdns will do what the puppet module needs. + File <| title == '/etc/powerdns/pdns.d' |> { + purge => true, + recurse => true, + } + + file { '/var/lib/designate': + ensure => directory, + owner => 'designate', + group => 'designate', + mode => '0750', + } + + designate_config { + 'backend:powerdns/connection': value => $database_connection, secret => true; + 'backend:powerdns/use_db_reconnect': value => $use_db_reconnect; + } + + exec { 'designate-powerdns-dbsync': + command => $::designate::params::powerdns_dbsync_command, + path => '/usr/bin', + user => 'root', + refreshonly => true, + logoutput => on_failure, + subscribe => Designate_config['backend:powerdns/connection'], + } + + # Have to have a valid configuration file before running migrations + Designate_config<||> -> Exec['designate-powerdns-dbsync'] + Exec['designate-powerdns-dbsync'] ~> Service<| title == 'designate-central' |> +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/central.pp b/deployment_scripts/puppet/modules/designate/manifests/central.pp new file mode 100644 index 0000000..3dd0508 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/central.pp @@ -0,0 +1,58 @@ +# == Class designate::central +# +# Configure designate central service +# +# == Parameters +# +# [*package_ensure*] +# (optional) The state of the package +# Defaults to 'present' +# +# [*central_package_name*] +# (optional) Name of the package containing central resources +# Defaults to central_package_name from designate::params +# +# [*enabled*] +# (optional) Whether to enable services. +# Defaults to true +# +# [*service_ensure*] +# (optional) Whether the designate central service will be running. +# Defaults to 'running' +# +# [*backend_driver*] +# (optional) Driver used for backend communication (fake, rpc, bind9, powerdns) +# Defaults to 'bind9' +# +class designate::central ( + $package_ensure = present, + $central_package_name = undef, + $enabled = true, + $service_ensure = 'running', + $backend_driver = 'bind9', +) { + include ::designate::params + + package { 'designate-central': + ensure => $package_ensure, + name => pick($central_package_name, $::designate::params::central_package_name), + tag => 'openstack', + } + + Designate_config<||> ~> Service['designate-central'] + Package['designate-central'] -> Designate_config<||> + + service { 'designate-central': + ensure => $service_ensure, + name => $::designate::params::central_service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + require => Class['::designate::db'], + subscribe => Exec['designate-dbsync'] + } + + designate_config { + 'service:central/backend_driver' : value => $backend_driver; + } +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/client.pp b/deployment_scripts/puppet/modules/designate/manifests/client.pp new file mode 100644 index 0000000..8233a36 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/client.pp @@ -0,0 +1,28 @@ +# == Class designate::client +# +# Installs the designate python library. +# +# == Parameters +# +# [*package_ensure*] +# (optional) Ensure state for pachage. +# Defaults to 'present' + +# [*client_package_name*] +# (optional) Name of the package containing client resources +# Defaults to client_package_name from designate::params +# +class designate::client ( + $package_ensure = 'present', + $client_package_name = undef, +) { + + include ::designate::params + + package { 'python-designateclient': + ensure => $package_ensure, + name => pick($client_package_name, $::designate::params::client_package_name), + tag => 'openstack', + } + +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/config.pp b/deployment_scripts/puppet/modules/designate/manifests/config.pp new file mode 100644 index 0000000..05324e7 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/config.pp @@ -0,0 +1,39 @@ +# == Class: designate::config +# +# This class is used to manage arbitrary designate configurations. +# +# === Parameters +# +# [*xxx_config*] +# (optional) Allow configuration of arbitrary designate configurations. +# The value is an hash of xxx_config resources. Example: +# { 'DEFAULT/foo' => { value => 'fooValue'}, +# 'DEFAULT/bar' => { value => 'barValue'} +# } +# +# In yaml format, Example: +# xxx_config: +# DEFAULT/foo: +# value: fooValue +# DEFAULT/bar: +# value: barValue +# +# [*designate_config*] +# (optional) Allow configuration of designate.conf configurations. +# +# [*api_paste_ini_config*] +# (optional) Allow configuration of /etc/designate/api-paste.ini configurations. +# +# NOTE: The configuration MUST NOT be already handled by this module +# or Puppet catalog compilation will fail with duplicate resources. +# +class designate::config ( + $designate_config = {}, + $api_paste_ini_config = {}, +) { + validate_hash($designate_config) + validate_hash($api_paste_ini_config) + + create_resources('designate_config', $designate_config) + create_resources('designate_api_paste_ini', $api_paste_ini_config) +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/db.pp b/deployment_scripts/puppet/modules/designate/manifests/db.pp new file mode 100644 index 0000000..fca1644 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/db.pp @@ -0,0 +1,47 @@ +# == Class designate::db +# +# Configures the designate database +# +# This class will install the required libraries depending on the driver +# specified in the connection_string parameter +# +# == Parameters +# +# [*database_connection*] +# the connection string. format: [driver]://[user]:[password]@[host]/[database] +# +class designate::db ( + $database_connection = 'mysql://designate:designate@localhost/designate' +) { + + include ::designate::params + + Package<| title == 'designate-common' |> -> Class['::designate::db'] + + case $database_connection { + /^mysql:\/\//: { + require 'mysql::bindings' + require 'mysql::bindings::python' + } + default: { + fail('Unsupported backend configured') + } + } + + designate_config { + 'storage:sqlalchemy/connection': value => $database_connection, secret => true; + } + + exec { 'designate-dbsync': + command => $::designate::params::dbsync_command, + path => '/usr/bin', + user => 'root', + refreshonly => true, + logoutput => on_failure, + subscribe => Designate_config['storage:sqlalchemy/connection'] + } + + # Have to have a valid configuration file before running migrations + Designate_config<||> -> Exec['designate-dbsync'] + +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/db/mysql.pp b/deployment_scripts/puppet/modules/designate/manifests/db/mysql.pp new file mode 100644 index 0000000..82f828f --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/db/mysql.pp @@ -0,0 +1,55 @@ +# == Class: designate::db::mysql +# +# Class that configures mysql for designate +# +# === Parameters: +# +# [*password*] +# Password to use for the designate user +# +# [*dbname*] +# (optional) The name of the database +# Defaults to 'designate' +# +# [*user*] +# (optional) The mysql user to create +# Defaults to 'designate' +# +# [*host*] +# (optional) The IP address of the mysql server +# Defaults to '127.0.0.1' +# +# [*charset*] +# (optional) The charset to use for the designate database +# Defaults to 'utf8' +# +# [*collate*] +# (optional) The collate to use for the designate database +# Defaults to 'utf8_general_ci' +# +# [*allowed_hosts*] +# (optional) Additional hosts that are allowed to access this DB +# Defaults to undef +# +class designate::db::mysql( + $password, + $dbname = 'designate', + $user = 'designate', + $host = '127.0.0.1', + $charset = 'utf8', + $collate = 'utf8_general_ci', + $allowed_hosts = undef, +) { + + ::openstacklib::db::mysql { 'designate': + user => $user, + password_hash => mysql_password($password), + dbname => $dbname, + host => $host, + charset => $charset, + collate => $collate, + allowed_hosts => $allowed_hosts, + } + + ::Openstacklib::Db::Mysql['designate'] ~> Exec<| title == 'designate-dbsync' |> +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/db/powerdns/mysql.pp b/deployment_scripts/puppet/modules/designate/manifests/db/powerdns/mysql.pp new file mode 100644 index 0000000..5002d93 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/db/powerdns/mysql.pp @@ -0,0 +1,54 @@ +# == Class: designate::db::powerdns::mysql +# +# Class that configures mysql for the designate PowerDNS backend. +# +# === Parameters: +# +# [*password*] +# Password to use for the powerdns user +# +# [*dbname*] +# (optional) The name of the database +# Defaults to 'powerdns' +# +# [*user*] +# (optional) The mysql user to create +# Defaults to 'powerdns' +# +# [*host*] +# (optional) The IP address of the mysql server +# Defaults to '127.0.0.1' +# +# [*charset*] +# (optional) The charset to use for the powerdns database +# Defaults to 'utf8' +# +# [*collate*] +# (optional) The collate to use for the powerdns database +# Defaults to 'utf8_general_ci' +# +# [*allowed_hosts*] +# (optional) Additional hosts that are allowed to access this DB +# Defaults to undef +# +class designate::db::powerdns::mysql ( + $password, + $dbname = 'powerdns', + $user = 'powerdns', + $host = '127.0.0.1', + $charset = 'utf8', + $collate = 'utf8_general_ci', + $allowed_hosts = undef, +) { + ::openstacklib::db::mysql { 'powerdns': + user => $user, + password_hash => mysql_password($password), + dbname => $dbname, + host => $host, + charset => $charset, + collate => $collate, + allowed_hosts => $allowed_hosts, + } + + ::Openstacklib::Db::Mysql['powerdns'] ~> Exec<| title == 'designate-dbsync' |> +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/dns.pp b/deployment_scripts/puppet/modules/designate/manifests/dns.pp new file mode 100644 index 0000000..12bc9e9 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/dns.pp @@ -0,0 +1,48 @@ +# == Class designate::dns +# +# Configure dns for designate service +# +# == Parameters +# +# [*designatepath*] +# (optional) Directory for maintaining designate's state +# Defaults to $designate::params::designatepath +# +# [*designatefile*] +# (optional) File for maintaining designate's state +# Defaults to $designate::params::designatefile +# +class designate::dns ( + $designatepath = $::designate::params::designatepath, + $designatefile = $::designate::params::designatefile, +) inherits designate::params { + + include ::dns::params + file { $designatepath: + ensure => directory, + owner => $::dns::params::user, + group => $::dns::params::group, + mode => '0770', + } + + exec { 'create-designatefile': + command => "/bin/touch ${designatefile}", + creates => $designatefile, + require => File[$designatepath], + } + + file { $designatefile: + owner => $::dns::params::user, + group => $::dns::params::group, + mode => '0660', + require => Exec['create-designatefile'], + } + + file_line {'dns designate path': + path => $::dns::params::namedconf_path, + line => "include \"${designatefile}\";", + match => '^include \"(.*)$', + require => Class['::designate'], + } + +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/init.pp b/deployment_scripts/puppet/modules/designate/manifests/init.pp new file mode 100644 index 0000000..ccf7d32 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/init.pp @@ -0,0 +1,133 @@ +# == Class designate +# +# Configure designate service +# +# == Parameters +# +# [*package_ensure*] +# (optional) The state of the package +# Defaults to 'present' +# +# [*common_package_name*] +# (optional) Name of the package containing shared resources +# Defaults to common_package_name from designate::params +# +# [*service_ensure*] +# (optional) Whether the designate-common package will be present.. +# Defaults to 'present' +# +# [*debug*] +# (optional) should the daemons log debug messages. +# Defaults to 'false' +# +# [*verbose*] +# (optional) should the daemons log verbose messages. +# Defaults to 'false' +# +# [*root_helper*] +# (optional) Command for designate rootwrap helper. +# Defaults to 'sudo designate-rootwrap /etc/designate/rootwrap.conf'. +# +# [*rabbit_host*] +# (optional) Location of rabbitmq installation. +# Defaults to '127.0.0.1' +# +# [*rabbit_port*] +# (optional) Port for rabbitmq instance. +# Defaults to '5672' +# +# [*rabbit_hosts*] +# (Optional) Array of host:port (used with HA queues). +# If defined, will remove rabbit_host & rabbit_port parameters from config +# Defaults to undef. +# +# [*rabbit_password*] +# (optional) Password used to connect to rabbitmq. +# Defaults to 'guest' +# +# [*rabbit_userid*] +# (optional) User used to connect to rabbitmq. +# Defaults to 'guest' +# +# [*rabbit_virtualhost*] +# (optional) The RabbitMQ virtual host. +# Defaults to '/' +# +class designate( + $package_ensure = present, + $common_package_name = undef, + $verbose = false, + $debug = false, + $root_helper = 'sudo designate-rootwrap /etc/designate/rootwrap.conf', + $rabbit_host = '127.0.0.1', + $rabbit_port = '5672', + $rabbit_hosts = false, + $rabbit_userid = 'guest', + $rabbit_password = '', + $rabbit_virtualhost = '/', +) { + + include ::designate::params + package { 'designate-common': + ensure => $package_ensure, + name => pick($common_package_name, $::designate::params::common_package_name), + tag => 'openstack', + } + + user { 'designate': + ensure => 'present', + name => 'designate', + gid => 'designate', + system => true, + require => Package['designate-common'], + } + + group { 'designate': + ensure => 'present', + name => 'designate', + require => Package['designate-common'], + } + + file { '/etc/designate/': + ensure => directory, + owner => 'designate', + group => 'designate', + mode => '0750', + } + + file { '/etc/designate/designate.conf': + owner => 'designate', + group => 'designate', + mode => '0640', + } + + Package['designate-common'] -> Designate_config<||> + + designate_config { + 'DEFAULT/rabbit_userid' : value => $rabbit_userid; + 'DEFAULT/rabbit_password' : value => $rabbit_password, secret => true; + 'DEFAULT/rabbit_virtualhost' : value => $rabbit_virtualhost; + } + + if $rabbit_hosts { + designate_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') } + designate_config { 'DEFAULT/rabbit_ha_queues': value => true } + designate_config { 'DEFAULT/rabbit_host': ensure => absent } + designate_config { 'DEFAULT/rabbit_port': ensure => absent } + } else { + designate_config { 'DEFAULT/rabbit_host': value => $rabbit_host } + designate_config { 'DEFAULT/rabbit_port': value => $rabbit_port } + designate_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" } + designate_config { 'DEFAULT/rabbit_ha_queues': value => false } + } + + # default setting + designate_config { + 'DEFAULT/debug' : value => $debug; + 'DEFAULT/verbose' : value => $verbose; + 'DEFAULT/root_helper' : value => $root_helper; + 'DEFAULT/logdir' : value => $::designate::params::log_dir; + 'DEFAULT/state_path' : value => $::designate::params::state_path; + } + +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/keystone/auth.pp b/deployment_scripts/puppet/modules/designate/manifests/keystone/auth.pp new file mode 100644 index 0000000..3b7c24a --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/keystone/auth.pp @@ -0,0 +1,208 @@ +# == Class: designate::keystone::auth +# +# Configures designate user, service and endpoint in Keystone. +# +# === Parameters +# +# [*password*] +# Password for designate user. Required. +# +# [*email*] +# Email for designate user. Optional. Defaults to 'designate@localhost'. +# +# [*auth_name*] +# Username for designate service. Optional. Defaults to 'designate'. +# +# [*configure_endpoint*] +# Should designate endpoint be configured? Optional. Defaults to 'true'. +# +# [*service_name*] +# (optional) Name of the service. +# Defaults to the value of auth_name. +# +# [*service_type*] +# Type of service. Optional. Defaults to 'metering'. +# +# [*service_description*] +# Description for keystone service. Optional. Defaults to 'Openstack DNSaas Service'. +# +# [*region*] +# Region for endpoint. Optional. Defaults to 'RegionOne'. +# +# [*tenant*] +# Tenant for designate user. Optional. Defaults to 'services'. +# +# [*public_url*] +# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:9001') +# This url should *not* contain any trailing '/'. +# +# [*admin_url*] +# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:9001') +# This url should *not* contain any trailing '/'. +# +# [*internal_url*] +# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:9001') +# This url should *not* contain any trailing '/'. +# +# [*version*] +# (optional) DEPRECATED: Use public_url, internal_url and admin_url instead. +# API version endpoint. (Defaults to 'v1') +# Setting this parameter overrides public_url, internal_url and admin_url parameters. +# +# [*port*] +# (optional) DEPRECATED: Use public_url, internal_url and admin_url instead. +# Default port for endpoints. (Defaults to 9001) +# Setting this parameter overrides public_url, internal_url and admin_url parameters. +# +# [*public_protocol*] +# (optional) DEPRECATED: Use public_url instead. +# Protocol for public endpoint. (Defaults to 'http') +# Setting this parameter overrides public_url parameter. +# +# [*public_address*] +# (optional) DEPRECATED: Use public_url instead. +# Public address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides public_url parameter. +# +# [*internal_protocol*] +# (optional) DEPRECATED: Use internal_url instead. +# Protocol for internal endpoint. (Defaults to 'http') +# Setting this parameter overrides internal_url parameter. +# +# [*internal_address*] +# (optional) DEPRECATED: Use internal_url instead. +# Internal address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides internal_url parameter. +# +# [*admin_protocol*] +# (optional) DEPRECATED: Use admin_url instead. +# Protocol for admin endpoint. (Defaults to 'http') +# Setting this parameter overrides admin_url parameter. +# +# [*admin_address*] +# (optional) DEPRECATED: Use admin_url instead. +# Admin address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides admin_url parameter. +# +# === Deprecation notes +# +# If any value is provided for public_protocol, public_address or port parameters, +# public_url will be completely ignored. The same applies for internal and admin parameters. +# +# === Examples +# +# class { 'designate::keystone::auth': +# public_url => 'https://10.0.0.10:9001', +# internal_url => 'https://10.0.0.11:9001', +# admin_url => 'https://10.0.0.11:9001', +# } +# +class designate::keystone::auth ( + $password = false, + $email = 'designate@localhost', + $auth_name = 'designate', + $service_name = undef, + $service_type = 'dns', + $service_description = 'Openstack DNSaas Service', + $region = 'RegionOne', + $tenant = 'services', + $configure_endpoint = true, + $public_url = 'http://127.0.0.1:9001/v1', + $admin_url = 'http://127.0.0.1:9001/v1', + $internal_url = 'http://127.0.0.1:9001/v1', + # DEPRECATED PARAMETERS + $version = undef, + $port = undef, + $public_protocol = undef, + $public_address = undef, + $internal_protocol = undef, + $internal_address = undef, + $admin_protocol = undef, + $admin_address = undef, +) { + + if $version { + warning('The version parameter is deprecated, use public_url, internal_url and admin_url instead.') + } + + if $port { + warning('The port parameter is deprecated, use public_url, internal_url and admin_url instead.') + } + + if $public_protocol { + warning('The public_protocol parameter is deprecated, use public_url instead.') + } + + if $internal_protocol { + warning('The internal_protocol parameter is deprecated, use internal_url instead.') + } + + if $admin_protocol { + warning('The admin_protocol parameter is deprecated, use admin_url instead.') + } + + if $public_address { + warning('The public_address parameter is deprecated, use public_url instead.') + } + + if $internal_address { + warning('The internal_address parameter is deprecated, use internal_url instead.') + } + + if $admin_address { + warning('The admin_address parameter is deprecated, use admin_url instead.') + } + + if ($public_protocol or $public_address or $port or $version) { + $public_url_real = sprintf('%s://%s:%s/%s', + pick($public_protocol, 'http'), + pick($public_address, '127.0.0.1'), + pick($port, '9001'), + pick($version, 'v1')) + } else { + $public_url_real = $public_url + } + + if ($admin_protocol or $admin_address or $port or $version) { + $admin_url_real = sprintf('%s://%s:%s/%s', + pick($admin_protocol, 'http'), + pick($admin_address, '127.0.0.1'), + pick($port, '9001'), + pick($version, 'v1')) + } else { + $admin_url_real = $admin_url + } + + if ($internal_protocol or $internal_address or $port or $version) { + $internal_url_real = sprintf('%s://%s:%s/%s', + pick($internal_protocol, 'http'), + pick($internal_address, '127.0.0.1'), + pick($port, '9001'), + pick($version, 'v1')) + } else { + $internal_url_real = $internal_url + } + + $real_service_name = pick($service_name, $auth_name) + + Keystone_user_role["${auth_name}@${tenant}"] ~> + Service <| name == 'designate-api' |> + + keystone::resource::service_identity { 'designate': + configure_user => true, + configure_user_role => true, + configure_endpoint => $configure_endpoint, + service_name => $real_service_name, + service_type => $service_type, + service_description => $service_description, + region => $region, + auth_name => $auth_name, + password => $password, + email => $email, + tenant => $tenant, + public_url => $public_url_real, + internal_url => $internal_url_real, + admin_url => $admin_url_real, + } + +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/params.pp b/deployment_scripts/puppet/modules/designate/manifests/params.pp new file mode 100644 index 0000000..ba08294 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/params.pp @@ -0,0 +1,45 @@ +# Params +# +class designate::params { + $dbsync_command = 'designate-manage database sync' + $powerdns_dbsync_command = 'designate-manage powerdns sync' + $state_path = '/var/lib/designate' + # bind path + $designatepath = "${state_path}/bind9" + $designatefile = "${state_path}/bind9/zones.config" + # Log dir + $log_dir = '/var/log/designate' + $client_package_name = 'python-designateclient' + + case $::osfamily { + 'RedHat': { + # package name + $common_package_name = 'openstack-designate' + $api_package_name = 'openstack-designate-api' + $central_package_name = 'openstack-designate-central' + $agent_package_name = 'openstack-designate-agent' + $sink_package_name = 'openstack-designate-sink' + # service names + $agent_service_name = 'openstack-designate-agent' + $api_service_name = 'openstack-designate-api' + $central_service_name = 'openstack-designate-central' + $sink_service_name = 'openstack-designate-sink' + } + 'Debian': { + # package name + $common_package_name = 'designate-common' + $api_package_name = 'designate-api' + $central_package_name = 'designate-central' + $agent_package_name = 'designate-agent' + $sink_package_name = 'designate-sink' + # service names + $agent_service_name = 'designate-agent' + $api_service_name = 'designate-api' + $central_service_name = 'designate-central' + $sink_service_name = 'designate-sink' + } + default: { + fail("Unsupported osfamily: ${::osfamily} operatingsystem") + } + } +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/policy.pp b/deployment_scripts/puppet/modules/designate/manifests/policy.pp new file mode 100644 index 0000000..dd09014 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/policy.pp @@ -0,0 +1,40 @@ +# == Class: designate::policy +# +# Configure the designate policies +# +# === Parameters +# +# [*policies*] +# (optional) Set of policies to configure for designate +# Example : +# { +# 'create_domain' => { +# 'key' => 'create_domain', +# 'value' => 'rule:admin' +# }, +# 'delete_domain' => { +# 'key' => 'default', +# 'value' => 'rule:admin' +# } +# } +# Defaults to empty hash. +# +# +# [*policy_path*] +# (optional) Path to the designate policy.json file +# Defaults to /etc/designate/policy.json +# +class designate::policy ( + $policies = {}, + $policy_path = '/etc/designate/policy.json', +) { + + validate_hash($policies) + + Openstacklib::Policy::Base { + file_path => $policy_path, + } + + create_resources('openstacklib::policy::base', $policies) + +} diff --git a/deployment_scripts/puppet/modules/designate/manifests/sink.pp b/deployment_scripts/puppet/modules/designate/manifests/sink.pp new file mode 100644 index 0000000..266cbc8 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/manifests/sink.pp @@ -0,0 +1,46 @@ +# == Class designate::sink +# +# Configure designate sink service +# +# == Parameters +# +# [*package_ensure*] +# (optional) The state of the package +# Defaults to 'present' +# +# [*sink_package_name*] +# (optional) Name of the package containing sink resources +# Defaults to sink_package_name from designate::params +# +# [*enabled*] +# (optional) Whether to enable services. +# Defaults to true +# +# [*service_ensure*] +# (optional) Whether the designate sink service will be running. +# Defaults to 'running' +# +class designate::sink ( + $package_ensure = present, + $sink_package_name = undef, + $enabled = true, + $service_ensure = 'running', +) { + include ::designate::params + + package { 'designate-sink': + ensure => $package_ensure, + name => pick($sink_package_name, $::designate::params::sink_service_name), + tag => 'openstack', + } + + Package['designate-sink'] -> Service['designate-sink'] + + service { 'designate-sink': + ensure => $service_ensure, + name => $::designate::params::sink_service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + } +} diff --git a/deployment_scripts/puppet/modules/designate/metadata.json b/deployment_scripts/puppet/modules/designate/metadata.json new file mode 100644 index 0000000..73f1406 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/metadata.json @@ -0,0 +1,40 @@ +{ + "name": "openstack-designate", + "version": "6.1.0", + "author": "Xingchao Yu and StackForge Contributors", + "summary": "Puppet module for OpenStack Designate", + "license": "Apache-2.0", + "source": "git://github.com/openstack/puppet-designate.git", + "project_page": "https://launchpad.net/puppet-designate", + "issues_url": "https://bugs.launchpad.net/puppet-designate", + "requirements": [ + { "name": "pe","version_requirement": "3.x" }, + { "name": "puppet","version_requirement": "3.x" } + ], + "operatingsystem_support": [ + { + "operatingsystem": "Fedora", + "operatingsystemrelease": ["20"] + }, + { + "operatingsystem": "RedHat", + "operatingsystemrelease": ["7"] + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": ["8"] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": ["14.04"] + } + ], + "description": "Installs and configures OpenStack Designate (DNS Services).", + "dependencies": [ + { "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" }, + { "name": "openstack/keystone", "version_requirement": ">=6.0.0 <7.0.0" }, + { "name": "puppetlabs/stdlib", "version_requirement": ">=4.0.0 <5.0.0" }, + { "name": "theforeman/dns", "version_requirement": ">=1.4.0 <4.0.0" }, + { "name": "openstack/openstacklib", "version_requirement": ">=6.0.0 <7.0.0" } + ] +} diff --git a/deployment_scripts/puppet/modules/designate/spec/acceptance/basic_designate_spec.rb b/deployment_scripts/puppet/modules/designate/spec/acceptance/basic_designate_spec.rb new file mode 100644 index 0000000..aa41c60 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/acceptance/basic_designate_spec.rb @@ -0,0 +1,148 @@ +require 'spec_helper_acceptance' + +describe 'basic designate' do + + context 'default parameters' do + + it 'should work with no errors' do + ppp= <<-EOS + case $::osfamily { + 'Debian': { + Exec { logoutput => 'on_failure' } + package { ['debconf-utils','debconf']: ensure => installed, } -> + exec { 'fix_empty_rabbit_password': + command => '/bin/echo "designate-common designate/rabbit_password password password" | /usr/bin/debconf-set-selections', + unless => '/usr/bin/debconf-get-selections | grep "designate/rabbit_password"', + } + exec { 'fix_empty_keystone_password': + command => '/bin/echo "designate-common designate/admin-password password password" | /usr/bin/debconf-set-selections', + unless => '/usr/bin/debconf-get-selections | grep "designate/admin-password"', + } + } + } + EOS + pp= <<-EOS + Exec { logoutput => 'on_failure' } + + # Common resources + case $::osfamily { + 'Debian': { + include ::apt + class { '::openstack_extras::repo::debian::ubuntu': + release => 'kilo', + package_require => true, + } + $package_provider = 'apt' + } + 'RedHat': { + class { '::openstack_extras::repo::redhat::redhat': + release => 'kilo', + } + package { 'openstack-selinux': ensure => 'latest' } + $package_provider = 'yum' + } + default: { + fail("Unsupported osfamily (${::osfamily})") + } + } + + class { '::mysql::server': } + + class { '::rabbitmq': + delete_guest_user => true, + package_provider => $package_provider, + } + + rabbitmq_vhost { '/': + provider => 'rabbitmqctl', + require => Class['rabbitmq'], + } + + rabbitmq_user { 'designate': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['rabbitmq'], + } + + rabbitmq_user_permissions { 'designate@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['rabbitmq'], + } + + # Keystone resources, needed by Designate to run + class { '::keystone::db::mysql': + password => 'keystone', + } + class { '::keystone': + verbose => true, + debug => true, + database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone', + admin_token => 'admin_token', + enabled => true, + } + class { '::keystone::roles::admin': + email => 'test@example.tld', + password => 'a_big_secret', + } + class { '::keystone::endpoint': + public_url => "https://${::fqdn}:5000/", + admin_url => "https://${::fqdn}:35357/", + } + + case $::osfamily { + 'Debian': { + # Designate resources + class { '::designate::db::mysql': + password => 'a_big_secret', + } + class { '::designate::keystone::auth': + password => 'a_big_secret', + } + class { '::designate': + rabbit_userid => 'designate', + rabbit_password => 'an_even_bigger_secret', + rabbit_host => '127.0.0.1', + } + class { '::designate::api': + enabled => true, + auth_strategy => 'keystone', + keystone_password => 'a_big_secret', + } + class { '::designate::backend::bind9': + rndc_config_file => '', + rndc_key_file => '', + } + include ::designate::client + class { '::designate::agent': } + class { '::designate::db': + database_connection => 'mysql://designate:a_big_secret@127.0.0.1/designate?charset=utf8', + } + include ::designate::dns + } + 'RedHat': { + warning("Designate packaging is not ready on ${::osfamily}.") + } + } + EOS + + # TODO : A fix on inifile must be filed, if the value is an empty string, the inifile provider + # configure the value with a newline.https://paste.debian.net/238471/ + apply_manifest(ppp, :catch_failures => true) + # Run it once, idempotency does not work + # this is what we have each time we run puppet after first time: + # http://paste.openstack.org/show/2ebHALkNguNsE0804Oev/ + apply_manifest(pp, :catch_failures => true) + end + + if os[:family] == 'Debian' + describe port(9001) do + it { is_expected.to be_listening.with('tcp') } + end + end + + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/acceptance/nodesets/default.yml b/deployment_scripts/puppet/modules/designate/spec/acceptance/nodesets/default.yml new file mode 100644 index 0000000..a2c1ecc --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/acceptance/nodesets/default.yml @@ -0,0 +1,9 @@ +HOSTS: + ubuntu-14.04-amd64: + roles: + - master + platform: ubuntu-14.04-amd64 + hypervisor : none + ip: 127.0.0.1 +CONFIG: + type: foss diff --git a/deployment_scripts/puppet/modules/designate/spec/acceptance/nodesets/nodepool-centos7.yml b/deployment_scripts/puppet/modules/designate/spec/acceptance/nodesets/nodepool-centos7.yml new file mode 100644 index 0000000..575ae67 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/acceptance/nodesets/nodepool-centos7.yml @@ -0,0 +1,10 @@ +HOSTS: + centos-70-x64: + roles: + - master + platform: el-7-x86_64 + hypervisor : none + ip: 127.0.0.1 +CONFIG: + type: foss + set_env: false diff --git a/deployment_scripts/puppet/modules/designate/spec/acceptance/nodesets/nodepool-trusty.yml b/deployment_scripts/puppet/modules/designate/spec/acceptance/nodesets/nodepool-trusty.yml new file mode 100644 index 0000000..a95d9f3 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/acceptance/nodesets/nodepool-trusty.yml @@ -0,0 +1,10 @@ +HOSTS: + ubuntu-14.04-amd64: + roles: + - master + platform: ubuntu-14.04-amd64 + hypervisor : none + ip: 127.0.0.1 +CONFIG: + type: foss + set_env: false diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_agent_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_agent_spec.rb new file mode 100644 index 0000000..026f12b --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_agent_spec.rb @@ -0,0 +1,88 @@ +# +# Unit tests for designate::agent +# +require 'spec_helper' + +describe 'designate::agent' do + let :params do + { + :enabled => true + } + end + + shared_examples 'designate-agent' do + context 'with default parameters' do + it 'installs designate-agent package and service' do + is_expected.to contain_service('designate-agent').with( + :name => platform_params[:agent_service_name], + :ensure => 'running', + :enable => 'true' + ) + is_expected.to contain_package('designate-agent').with( + :name => platform_params[:agent_package_name], + :ensure => 'present', + :tag => 'openstack' + ) + end + + it 'configures designate-agent with default parameters' do + is_expected.to contain_designate_config('service:agent/backend_driver').with_value('bind9') + end + + context 'when using Power DNS backend driver' do + before { params.merge!(:backend_driver => 'powerdns') } + it 'configures designate-agent with pdns backend' do + is_expected.to contain_designate_config('service:agent/backend_driver').with_value('powerdns') + end + end + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + let :platform_params do + { + :agent_package_name => 'designate-agent', + :agent_service_name => 'designate-agent' + } + end + + it_configures 'designate-agent' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { + :agent_package_name => 'openstack-designate-agent', + :agent_service_name => 'openstack-designate-agent' + } + end + + it_configures 'designate-agent' + end + + context 'with custom package name' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { :agent_package_name => 'designate-agent-custom-name', + :agent_service_name => 'openstack-designate-agent' + } + end + + before do + params.merge!({ :agent_package_name => 'designate-agent-custom-name' }) + end + + it_configures 'designate-agent' + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_api_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_api_spec.rb new file mode 100644 index 0000000..b106919 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_api_spec.rb @@ -0,0 +1,104 @@ +# +# Unit tests for designate::api +# +require 'spec_helper' + +describe 'designate::api' do + let :params do + { + :keystone_password => 'passw0rd', + :keystone_host => '10.0.0.42', + :keystone_port => '35357', + :keystone_protocol => 'https', + :keystone_tenant => '_services_', + :keystone_user => 'designate', + } + end + + shared_examples 'designate-api' do + context 'with default parameters' do + it 'installs designate-api package and service' do + is_expected.to contain_service('designate-api').with( + :name => platform_params[:api_service_name], + :ensure => 'running', + :require => 'Class[Designate::Db]', + :enable => 'true', + :subscribe => 'Exec[designate-dbsync]' + ) + is_expected.to contain_package('designate-api').with( + :name => platform_params[:api_package_name], + :ensure => 'present', + :tag => 'openstack' + ) + end + + it 'configures designate-api with default parameters' do + is_expected.to contain_designate_config('service:api/auth_strategy').with_value('noauth') + is_expected.to contain_designate_config('service:api/enable_api_v1').with_value(true) + + is_expected.to contain_designate_config('keystone_authtoken/auth_host').with_value('10.0.0.42') + is_expected.to contain_designate_config('keystone_authtoken/auth_port').with_value('35357') + is_expected.to contain_designate_config('keystone_authtoken/auth_protocol').with_value('https') + is_expected.to contain_designate_config('keystone_authtoken/admin_tenant_name').with_value('_services_') + is_expected.to contain_designate_config('keystone_authtoken/admin_user').with_value('designate') + is_expected.to contain_designate_config('keystone_authtoken/admin_password').with_value('passw0rd') + + end + + context 'when using auth against keystone' do + before { params.merge!(:auth_strategy => 'keystone') } + it 'configures designate-api with keystone auth strategy' do + is_expected.to contain_designate_config('service:api/auth_strategy').with_value('keystone') + end + end + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + let :platform_params do + { + :api_package_name => 'designate-api', + :api_service_name => 'designate-api' + } + end + + it_configures 'designate-api' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { + :api_package_name => 'openstack-designate-api', + :api_service_name => 'openstack-designate-api' + } + end + + it_configures 'designate-api' + end + + context 'with custom package name' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { :api_package_name => 'designate-api-custom-name', + :api_service_name => 'openstack-designate-api' + } + end + + before do + params.merge!({ :api_package_name => 'designate-api-custom-name' }) + end + + it_configures 'designate-api' + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_backend_bind9_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_backend_bind9_spec.rb new file mode 100644 index 0000000..22994d1 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_backend_bind9_spec.rb @@ -0,0 +1,49 @@ +# +# Unit tests for designate::backend::bind9 +# +require 'spec_helper' + +describe 'designate::backend::bind9' do + + let :facts do + { + :osfamily => 'Debian', + :concat_basedir => '/var/lib/puppet/concat', + } + end + + context 'with default params' do + it 'configures designate backend bind9 with default parameters' do + is_expected.to contain_designate_config('backend:bind9/rndc_host').with_value('127.0.0.1') + is_expected.to contain_designate_config('backend:bind9/rndc_port').with_value('953') + is_expected.to contain_designate_config('backend:bind9/rndc_config_file').with_value('/etc/rndc.conf') + is_expected.to contain_designate_config('backend:bind9/rndc_key_file').with_value('/etc/rndc.key') + is_expected.to contain_file_line('dns allow-new-zones') + end + end + + context 'when overriding rndc_config_file' do + let :params do + { :rndc_config_file => '/srv/designate/rndc.conf' } + end + + it 'configures designate bind9 backend with custom rndc_config_file' do + is_expected.to contain_designate_config('backend:bind9/rndc_config_file').with_value(params[:rndc_config_file]) + end + end + + context 'when overriding rndc_host and rndc_port' do + let :params do + { + :rndc_host => '10.0.0.42', + :rndc_port => '1337' + } + end + + it 'configures designate bind9 backend with custom rndc_port and rndc_host' do + is_expected.to contain_designate_config('backend:bind9/rndc_port').with_value(params[:rndc_port]) + is_expected.to contain_designate_config('backend:bind9/rndc_host').with_value(params[:rndc_host]) + end + end + +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_backend_powerdns_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_backend_powerdns_spec.rb new file mode 100644 index 0000000..070998e --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_backend_powerdns_spec.rb @@ -0,0 +1,30 @@ +# +# Unit tests for designate::backend::powerdns +# +require 'spec_helper' + +describe 'designate::backend::powerdns' do + + let :facts do + { :osfamily => 'Debian' } + end + + let :params do + { :database_connection => 'mysql://dbserver' } + end + + context 'with default params' do + it 'configures designate backend powerdns with default parameters' do + is_expected.to contain_designate_config('backend:powerdns/connection').with_value('mysql://dbserver') + is_expected.to contain_designate_config('backend:powerdns/use_db_reconnect').with_value(true) + is_expected.to contain_file('/var/lib/designate').with( + 'ensure' => 'directory', + 'owner' => 'designate', + 'group' => 'designate', + 'mode' => '0750', + ) + is_expected.to contain_exec('designate-powerdns-dbsync').that_subscribes_to('Designate_config[backend:powerdns/connection]') + end + end + +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_central_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_central_spec.rb new file mode 100644 index 0000000..12cb48c --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_central_spec.rb @@ -0,0 +1,88 @@ +# +# Unit tests for designate::central +# +require 'spec_helper' + +describe 'designate::central' do + let :params do + { + :enabled => true + } + end + + shared_examples 'designate-central' do + context 'with default parameters' do + it 'installs designate-central package and service' do + is_expected.to contain_service('designate-central').with( + :name => platform_params[:central_service_name], + :ensure => 'running', + :enable => 'true' + ) + is_expected.to contain_package('designate-central').with( + :name => platform_params[:central_package_name], + :ensure => 'present', + :tag => 'openstack' + ) + end + + it 'configures designate-central with default parameters' do + is_expected.to contain_designate_config('service:central/backend_driver').with_value('bind9') + end + + context 'when using Power DNS backend driver' do + before { params.merge!(:backend_driver => 'powerdns') } + it 'configures designate-central with pdns backend' do + is_expected.to contain_designate_config('service:central/backend_driver').with_value('powerdns') + end + end + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + let :platform_params do + { + :central_package_name => 'designate-central', + :central_service_name => 'designate-central' + } + end + + it_configures 'designate-central' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { + :central_package_name => 'openstack-designate-central', + :central_service_name => 'openstack-designate-central' + } + end + + it_configures 'designate-central' + end + + context 'with custom package name' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { :central_package_name => 'designate-central-custom-name', + :central_service_name => 'openstack-designate-central' + } + end + + before do + params.merge!({ :central_package_name => 'designate-central-custom-name' }) + end + + it_configures 'designate-central' + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_client_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_client_spec.rb new file mode 100644 index 0000000..7e2c510 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_client_spec.rb @@ -0,0 +1,60 @@ +# +# Unit tests for designate::client +# +require 'spec_helper' + +describe 'designate::client' do + + shared_examples 'designate-client' do + + it { is_expected.to contain_class('designate::params') } + + it 'installs designate client package' do + is_expected.to contain_package('python-designateclient').with( + :ensure => 'present', + :name => platform_params[:client_package_name], + :tag => 'openstack' + ) + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + let :platform_params do + { :client_package_name => 'python-designateclient' } + end + + it_configures 'designate-client' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { :client_package_name => 'python-designateclient' } + end + + it_configures 'designate-client' + end + + context 'with custom package name' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { :client_package_name => 'designate-client-custom-name' } + end + + let :params do + { :client_package_name => 'designate-client-custom-name' } + end + + it_configures 'designate-client' + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_config_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_config_spec.rb new file mode 100644 index 0000000..d9585d9 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_config_spec.rb @@ -0,0 +1,30 @@ +require 'spec_helper' + +describe 'designate::config' do + + let :params do + { :designate_config => { + 'DEFAULT/foo' => { 'value' => 'fooValue' }, + 'DEFAULT/bar' => { 'value' => 'barValue' }, + 'DEFAULT/baz' => { 'ensure' => 'absent' } + }, + :api_paste_ini_config => { + 'DEFAULT/foo2' => { 'value' => 'fooValue' }, + 'DEFAULT/bar2' => { 'value' => 'barValue' }, + 'DEFAULT/baz2' => { 'ensure' => 'absent' } + } + } + end + + it 'configures arbitrary designate configurations' do + is_expected.to contain_designate_config('DEFAULT/foo').with_value('fooValue') + is_expected.to contain_designate_config('DEFAULT/bar').with_value('barValue') + is_expected.to contain_designate_config('DEFAULT/baz').with_ensure('absent') + end + + it 'configures arbitrary designate api-paste configurations' do + is_expected.to contain_designate_api_paste_ini('DEFAULT/foo2').with_value('fooValue') + is_expected.to contain_designate_api_paste_ini('DEFAULT/bar2').with_value('barValue') + is_expected.to contain_designate_api_paste_ini('DEFAULT/baz2').with_ensure('absent') + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_db_mysql_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_db_mysql_spec.rb new file mode 100644 index 0000000..1d2d796 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_db_mysql_spec.rb @@ -0,0 +1,103 @@ +require 'spec_helper' + +describe 'designate::db::mysql' do + + let :pre_condition do + 'include mysql::server' + end + + let :required_params do + { :password => "qwerty" } + end + + context 'on a Debian osfamily' do + let :facts do + { :osfamily => "Debian" } + end + + context 'with only required parameters' do + let :params do + required_params + end + + it { is_expected.to contain_openstacklib__db__mysql('designate').with( + :user => 'designate', + :password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601', + :charset => 'utf8' + )} + end + + context 'when overriding charset' do + let :params do + { :charset => 'latin1' }.merge(required_params) + end + + it { is_expected.to contain_openstacklib__db__mysql('designate').with_charset(params[:charset]) } + end + end + + context 'on a RedHat osfamily' do + let :facts do + { :osfamily => 'RedHat' } + end + + context 'with only required parameters' do + let :params do + required_params + end + + it { is_expected.to contain_openstacklib__db__mysql('designate').with( + :user => 'designate', + :password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601', + :charset => 'utf8' + )} + end + + context 'when overriding charset' do + let :params do + { :charset => 'latin1' }.merge(required_params) + end + + it { is_expected.to contain_openstacklib__db__mysql('designate').with_charset(params[:charset]) } + end + end + + describe "overriding allowed_hosts param to array" do + let :facts do + { :osfamily => "Debian" } + end + let :params do + { + :password => 'designatepass', + :allowed_hosts => ['127.0.0.1','%'] + } + end + + end + + describe "overriding allowed_hosts param to string" do + let :facts do + { :osfamily => 'RedHat' } + end + let :params do + { + :password => 'designatepass2', + :allowed_hosts => '192.168.1.1' + } + end + + end + + describe "overriding allowed_hosts param equals to host param " do + let :facts do + { :osfamily => 'RedHat' } + end + let :params do + { + :password => 'designatepass2', + :allowed_hosts => '127.0.0.1' + } + end + + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_db_powerdns_mysql_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_db_powerdns_mysql_spec.rb new file mode 100644 index 0000000..a2a7496 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_db_powerdns_mysql_spec.rb @@ -0,0 +1,103 @@ +require 'spec_helper' + +describe 'designate::db::powerdns::mysql' do + + let :pre_condition do + 'include mysql::server' + end + + let :required_params do + { :password => "qwerty" } + end + + context 'on a Debian osfamily' do + let :facts do + { :osfamily => "Debian" } + end + + context 'with only required parameters' do + let :params do + required_params + end + + it { is_expected.to contain_openstacklib__db__mysql('powerdns').with( + :user => 'powerdns', + :password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601', + :charset => 'utf8' + )} + end + + context 'when overriding charset' do + let :params do + { :charset => 'latin1' }.merge(required_params) + end + + it { is_expected.to contain_openstacklib__db__mysql('powerdns').with_charset(params[:charset]) } + end + end + + context 'on a RedHat osfamily' do + let :facts do + { :osfamily => 'RedHat' } + end + + context 'with only required parameters' do + let :params do + required_params + end + + it { is_expected.to contain_openstacklib__db__mysql('powerdns').with( + :user => 'powerdns', + :password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601', + :charset => 'utf8' + )} + end + + context 'when overriding charset' do + let :params do + { :charset => 'latin1' }.merge(required_params) + end + + it { is_expected.to contain_openstacklib__db__mysql('powerdns').with_charset(params[:charset]) } + end + end + + describe "overriding allowed_hosts param to array" do + let :facts do + { :osfamily => "Debian" } + end + let :params do + { + :password => 'designatepass', + :allowed_hosts => ['127.0.0.1','%'] + } + end + + end + + describe "overriding allowed_hosts param to string" do + let :facts do + { :osfamily => 'RedHat' } + end + let :params do + { + :password => 'designatepass2', + :allowed_hosts => '192.168.1.1' + } + end + + end + + describe "overriding allowed_hosts param equals to host param " do + let :facts do + { :osfamily => 'RedHat' } + end + let :params do + { + :password => 'designatepass2', + :allowed_hosts => '127.0.0.1' + } + end + + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_db_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_db_spec.rb new file mode 100644 index 0000000..a6713b0 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_db_spec.rb @@ -0,0 +1,37 @@ +# +# Unit tests for designate::db +# +require 'spec_helper' + +describe 'designate::db' do + + shared_examples 'designate-db' do + + context 'with default params' do + it 'configures designate db with default parameters' do + is_expected.to contain_designate_config('storage:sqlalchemy/connection').with_value('mysql://designate:designate@localhost/designate') + is_expected.to contain_class('mysql::bindings') + is_expected.to contain_class('mysql::bindings::python') + is_expected.to contain_exec('designate-dbsync') + end + end + + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'designate-db' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'designate-db' + end + +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_dns_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_dns_spec.rb new file mode 100644 index 0000000..3144988 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_dns_spec.rb @@ -0,0 +1,49 @@ +# +# Unit tests for designate::dns +# +require 'spec_helper' + +describe 'designate::dns' do + + shared_examples 'designate-dns' do + + it 'configures designate configuration folder' do + is_expected.to contain_file(params[:designatepath]).with(:ensure => 'directory') + end + + it 'configures designate configuration file' do + is_expected.to contain_file(params[:designatefile]) + end + + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + let :params do + { + :designatepath => '/var/cache/bind/bind9', + :designatefile => '/var/cache/bind/bind9/zones.config' + } + end + + it_configures 'designate-dns' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :params do + { + :designatepath => '/var/named/bind9', + :designatefile => '/var/named/bind9/zones.config' + } + end + + it_configures 'designate-dns' + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_init_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_init_spec.rb new file mode 100644 index 0000000..79da779 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_init_spec.rb @@ -0,0 +1,173 @@ +# +# Unit tests for designate::init +# +require 'spec_helper' + +describe 'designate' do + + let :params do + { + :package_ensure => 'installed', + :debug => 'False', + :verbose => 'False', + :root_helper => 'sudo designate-rootwrap /etc/designate/rootwrap.conf' + } + end + + let :rabbit_ha_params do + { + :rabbit_hosts => [ '10.0.0.1:5672', '10.0.0.2:5672', '10.0.0.3:5672' ], + :rabbit_userid => 'guest', + :rabbit_password => '', + :rabbit_virtualhost => '/' + } + end + + let :rabbit_non_ha_params do + { + :rabbit_host => '127.0.0.1', + :rabbit_port => 5672, + :rabbit_userid => 'guest', + :rabbit_password => '', + :rabbit_virtualhost => '/' + } + end + + shared_examples_for 'designate' do + + context 'with rabbit_host parameter' do + it_configures 'a designate base installation' + it_configures 'rabbit without HA support' + it_configures 'rabbit with HA support' + end + + end + + shared_examples_for 'a designate base installation' do + + it { is_expected.to contain_class('designate::params') } + + it 'configures designate group' do + is_expected.to contain_group('designate').with( + :ensure => 'present', + :name => 'designate', + :require => 'Package[designate-common]', + ) + end + + it 'configures designate user' do + is_expected.to contain_user('designate').with( + :ensure => 'present', + :name => 'designate', + :gid => 'designate', + :system => true, + ) + end + + it 'configures designate configuration folder' do + is_expected.to contain_file('/etc/designate/').with( + :ensure => 'directory', + :owner => 'designate', + :group => 'designate', + :mode => '0750' + ) + end + + it 'configures designate configuration file' do + is_expected.to contain_file('/etc/designate/designate.conf').with( + :owner => 'designate', + :group => 'designate', + :mode => '0640' + ) + end + + it 'installs designate common package' do + is_expected.to contain_package('designate-common').with( + :ensure => 'installed', + :name => platform_params[:common_package_name], + :tag => 'openstack' + ) + end + + it 'configures debug and verbosity' do + is_expected.to contain_designate_config('DEFAULT/debug').with_value( params[:debug] ) + is_expected.to contain_designate_config('DEFAULT/verbose').with_value( params[:verbose] ) + is_expected.to contain_designate_config('DEFAULT/root_helper').with_value( params[:root_helper] ) + end + + end + + shared_examples_for 'rabbit without HA support' do + before { params.merge!( rabbit_non_ha_params ) } + + it 'configures rabbit' do + is_expected.to contain_designate_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_userid] ) + is_expected.to contain_designate_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] ) + is_expected.to contain_designate_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] ).with_secret(true) + is_expected.to contain_designate_config('DEFAULT/rabbit_virtualhost').with_value( params[:rabbit_virtualhost] ) + end + + it { is_expected.to contain_designate_config('DEFAULT/rabbit_host').with_value( params[:rabbit_host] ) } + it { is_expected.to contain_designate_config('DEFAULT/rabbit_hosts').with_value( "#{params[:rabbit_host]}:#{params[:rabbit_port]}" ) } + it { is_expected.to contain_designate_config('DEFAULT/rabbit_port').with_value( params[:rabbit_port] ) } + it { is_expected.to contain_designate_config('DEFAULT/rabbit_ha_queues').with_value( 'false' ) } + + end + + shared_examples_for 'rabbit with HA support' do + before { params.merge!( rabbit_ha_params ) } + + it 'configures rabbit' do + is_expected.to contain_designate_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_userid] ) + is_expected.to contain_designate_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] ) + is_expected.to contain_designate_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] ).with_secret(true) + is_expected.to contain_designate_config('DEFAULT/rabbit_virtualhost').with_value( params[:rabbit_virtualhost] ) + end + + it { is_expected.to contain_designate_config('DEFAULT/rabbit_host').with_ensure( 'absent' ) } + it { is_expected.to contain_designate_config('DEFAULT/rabbit_hosts').with_value( '10.0.0.1:5672,10.0.0.2:5672,10.0.0.3:5672' ) } + it { is_expected.to contain_designate_config('DEFAULT/rabbit_port').with_ensure( 'absent' ) } + it { is_expected.to contain_designate_config('DEFAULT/rabbit_ha_queues').with_value( 'true' ) } + + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + let :platform_params do + { :common_package_name => 'designate-common' } + end + + it_configures 'designate' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { :common_package_name => 'openstack-designate' } + end + + it_configures 'designate' + end + + context 'with custom package name' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { :common_package_name => 'designate-common-custom-name' } + end + + before do + params.merge!({ :common_package_name => 'designate-common-custom-name' }) + end + + it_configures 'designate' + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_keystone_auth_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_keystone_auth_spec.rb new file mode 100644 index 0000000..8dad8bd --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_keystone_auth_spec.rb @@ -0,0 +1,112 @@ +# +# Unit tests for designate::keystone::auth +# +require 'spec_helper' + +describe 'designate::keystone::auth' do + + let :facts do + { :osfamily => 'Debian' } + end + + describe 'with default class parameters' do + let :params do + { :password => 'desigpwd', + :tenant => 'fooboozoo' } + end + + it { is_expected.to contain_keystone_user('designate').with( + :ensure => 'present', + :password => 'desigpwd', + :tenant => 'fooboozoo' + ) } + + it { is_expected.to contain_keystone_user_role('designate@fooboozoo').with( + :ensure => 'present', + :roles => ['admin'] + )} + + it { is_expected.to contain_keystone_service('designate').with( + :ensure => 'present', + :type => 'dns', + :description => 'Openstack DNSaas Service' + ) } + + it { is_expected.to contain_keystone_endpoint('RegionOne/designate').with( + :ensure => 'present', + :public_url => "http://127.0.0.1:9001/v1", + :admin_url => "http://127.0.0.1:9001/v1", + :internal_url => "http://127.0.0.1:9001/v1" + ) } + end + + describe 'when configuring designate-server' do + let :pre_condition do + "class { 'designate::server': auth_password => 'test' }" + end + + let :params do + { :password => 'desigpwd', + :tenant => 'fooboozoo' } + end + end + + describe 'when overriding endpoint URLs' do + let :params do + { :password => 'desigpwd', + :public_url => 'https://10.10.10.10:81/v2', + :internal_url => 'https://10.10.10.11:81/v2', + :admin_url => 'https://10.10.10.12:81/v2' } + end + + it { is_expected.to contain_keystone_endpoint('RegionOne/designate').with( + :ensure => 'present', + :public_url => 'https://10.10.10.10:81/v2', + :internal_url => 'https://10.10.10.11:81/v2', + :admin_url => 'https://10.10.10.12:81/v2' + ) } + end + + describe 'with deprecated endpoint parameters' do + let :params do + { :password => 'desigpwd', + :public_protocol => 'https', + :public_address => '10.10.10.10', + :port => '81', + :internal_address => '10.10.10.11', + :admin_address => '10.10.10.12' } + end + + it { is_expected.to contain_keystone_endpoint('RegionOne/designate').with( + :ensure => 'present', + :public_url => "https://10.10.10.10:81/v1", + :internal_url => "http://10.10.10.11:81/v1", + :admin_url => "http://10.10.10.12:81/v1" + ) } + end + + describe 'when overriding auth name' do + let :params do + { :password => 'foo', + :auth_name => 'designate1' } + end + + it { is_expected.to contain_keystone_user('designate1') } + it { is_expected.to contain_keystone_user_role('designate1@services') } + it { is_expected.to contain_keystone_service('designate1') } + it { is_expected.to contain_keystone_endpoint('RegionOne/designate1') } + end + + describe 'when overriding service name' do + let :params do + { :service_name => 'designate_service', + :password => 'foo', + :auth_name => 'designate1' } + end + + it { is_expected.to contain_keystone_user('designate1') } + it { is_expected.to contain_keystone_user_role('designate1@services') } + it { is_expected.to contain_keystone_service('designate_service') } + it { is_expected.to contain_keystone_endpoint('RegionOne/designate_service') } + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_policy_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_policy_spec.rb new file mode 100644 index 0000000..1762c79 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_policy_spec.rb @@ -0,0 +1,41 @@ +require 'spec_helper' + +describe 'designate::policy' do + + shared_examples_for 'designate policies' do + let :params do + { + :policy_path => '/etc/designate/policy.json', + :policies => { + 'context_is_admin' => { + 'key' => 'context_is_admin', + 'value' => 'foo:bar' + } + } + } + end + + it 'set up the policies' do + is_expected.to contain_openstacklib__policy__base('context_is_admin').with({ + :key => 'context_is_admin', + :value => 'foo:bar' + }) + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'designate policies' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'designate policies' + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/classes/designate_sink_spec.rb b/deployment_scripts/puppet/modules/designate/spec/classes/designate_sink_spec.rb new file mode 100644 index 0000000..d87275c --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/classes/designate_sink_spec.rb @@ -0,0 +1,77 @@ +# +# Unit tests for designate::sink +# +require 'spec_helper' + +describe 'designate::sink' do + let :params do + { + :enabled => true + } + end + + shared_examples 'designate-sink' do + context 'with default parameters' do + it 'installs designate-sink package and service' do + is_expected.to contain_service('designate-sink').with( + :name => platform_params[:sink_service_name], + :ensure => 'running', + :enable => 'true' + ) + is_expected.to contain_package('designate-sink').with( + :name => platform_params[:sink_package_name], + :ensure => 'present', + :tag => 'openstack' + ) + end + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + let :platform_params do + { + :sink_package_name => 'designate-sink', + :sink_service_name => 'designate-sink' + } + end + + it_configures 'designate-sink' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { + :sink_package_name => 'openstack-designate-sink', + :sink_service_name => 'openstack-designate-sink' + } + end + + it_configures 'designate-sink' + end + + context 'with custom package name' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { :sink_package_name => 'designate-sink-custom-name', + :sink_service_name => 'openstack-designate-sink' + } + end + + before do + params.merge!({ :sink_package_name => 'designate-sink-custom-name' }) + end + + it_configures 'designate-sink' + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/shared_examples.rb b/deployment_scripts/puppet/modules/designate/spec/shared_examples.rb new file mode 100644 index 0000000..9e7f9f2 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/shared_examples.rb @@ -0,0 +1,56 @@ +shared_examples_for "a Puppet::Error" do |description| + it "with message matching #{description.inspect}" do + expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description) + end +end + +shared_examples 'generic designate service' do |service| + + context 'with default parameters' do + it 'installs package and service' do + is_expected.to contain_package(service[:name]).with({ + :name => service[:package_name], + :ensure => 'present', + :notify => "Service[#{service[:name]}]" + }) + is_expected.to contain_service(service[:name]).with({ + :name => service[:service_name], + :ensure => 'stopped', + :hasstatus => true, + :enable => false + }) + end + end + + context 'with overridden parameters' do + let :params do + { :enabled => true, + :ensure_package => '2014.2-1' } + end + + it 'installs package and service' do + is_expected.to contain_package(service[:name]).with({ + :name => service[:package_name], + :ensure => '2014.2-1', + :notify => "Service[#{service[:name]}]" + }) + is_expected.to contain_service(service[:name]).with({ + :name => service[:service_name], + :ensure => 'running', + :hasstatus => true, + :enable => true + }) + end + end + + context 'while not managing service state' do + let :params do + { :enabled => false, + :manage_service => false } + end + + it 'does not control service state' do + is_expected.to contain_service(service[:name]).without_ensure + end + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/spec_helper.rb b/deployment_scripts/puppet/modules/designate/spec/spec_helper.rb new file mode 100644 index 0000000..53d4dd0 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/spec_helper.rb @@ -0,0 +1,7 @@ +require 'puppetlabs_spec_helper/module_spec_helper' +require 'shared_examples' + +RSpec.configure do |c| + c.alias_it_should_behave_like_to :it_configures, 'configures' + c.alias_it_should_behave_like_to :it_raises, 'raises' +end diff --git a/deployment_scripts/puppet/modules/designate/spec/spec_helper_acceptance.rb b/deployment_scripts/puppet/modules/designate/spec/spec_helper_acceptance.rb new file mode 100644 index 0000000..144b31e --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/spec_helper_acceptance.rb @@ -0,0 +1,56 @@ +require 'beaker-rspec' +require 'beaker/puppet_install_helper' + +run_puppet_install_helper + +RSpec.configure do |c| + # Project root + proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) + modname = JSON.parse(open('metadata.json').read)['name'].split('-')[1] + + # Readable test descriptions + c.formatter = :documentation + + # Configure all nodes in nodeset + c.before :suite do + # Install module and dependencies + hosts.each do |host| + + # install git + install_package host, 'git' + + zuul_ref = ENV['ZUUL_REF'] + zuul_branch = ENV['ZUUL_BRANCH'] + zuul_url = ENV['ZUUL_URL'] + + repo = 'openstack/puppet-openstack-integration' + + # Start out with clean moduledir, don't trust r10k to purge it + on host, "rm -rf /etc/puppet/modules/*" + # Install dependent modules via git or zuul + r = on host, "test -e /usr/zuul-env/bin/zuul-cloner", { :acceptable_exit_codes => [0,1] } + if r.exit_code == 0 + zuul_clone_cmd = '/usr/zuul-env/bin/zuul-cloner ' + zuul_clone_cmd += '--cache-dir /opt/git ' + zuul_clone_cmd += "--zuul-ref #{zuul_ref} " + zuul_clone_cmd += "--zuul-branch #{zuul_branch} " + zuul_clone_cmd += "--zuul-url #{zuul_url} " + zuul_clone_cmd += "git://git.openstack.org #{repo}" + on host, zuul_clone_cmd + else + on host, "git clone -b stable/kilo https://git.openstack.org/#{repo} #{repo}" + end + + on host, "ZUUL_REF=#{zuul_ref} ZUUL_BRANCH=#{zuul_branch} ZUUL_URL=#{zuul_url} bash #{repo}/install_modules.sh" + + # Install the module being tested + on host, "rm -fr /etc/puppet/modules/#{modname}" + puppet_module_install(:source => proj_root, :module_name => modname) + + on host, "rm -fr #{repo}" + + # List modules installed to help with debugging + on host, puppet('module','list'), { :acceptable_exit_codes => 0 } + end + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/unit/provider/designate_config/ini_setting_spec.rb b/deployment_scripts/puppet/modules/designate/spec/unit/provider/designate_config/ini_setting_spec.rb new file mode 100644 index 0000000..6e7b217 --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/unit/provider/designate_config/ini_setting_spec.rb @@ -0,0 +1,38 @@ +# +# these tests are a little concerning b/c they are hacking around the +# modulepath, so these tests will not catch issues that may eventually arise +# related to loading these plugins. +# I could not, for the life of me, figure out how to programatcally set the modulepath +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'inifile', + 'lib') +) +require 'spec_helper' +provider_class = Puppet::Type.type(:designate_config).provider(:ini_setting) +describe provider_class do + + it 'should default to the default setting when no other one is specified' do + resource = Puppet::Type::Designate_config.new( + {:name => 'DEFAULT/foo', :value => 'plop'} + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('DEFAULT') + expect(provider.setting).to eq('foo') + end + + it 'should allow setting to be set explicitly' do + resource = Puppet::Type::Designate_config.new( + {:name => 'boo/zoo', :value => 'plop'} + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('boo') + expect(provider.setting).to eq('zoo') + end +end diff --git a/deployment_scripts/puppet/modules/designate/spec/unit/type/designate_config_spec.rb b/deployment_scripts/puppet/modules/designate/spec/unit/type/designate_config_spec.rb new file mode 100644 index 0000000..a9ed22d --- /dev/null +++ b/deployment_scripts/puppet/modules/designate/spec/unit/type/designate_config_spec.rb @@ -0,0 +1,52 @@ +require 'puppet' +require 'puppet/type/designate_config' +describe 'Puppet::Type.type(:designate_config)' do + before :each do + @designate_config = Puppet::Type.type(:designate_config).new(:name => 'DEFAULT/foo', :value => 'bar') + end + + it 'should require a name' do + expect { + Puppet::Type.type(:designate_config).new({}) + }.to raise_error(Puppet::Error, 'Title or name must be provided') + end + + it 'should not expect a name with whitespace' do + expect { + Puppet::Type.type(:designate_config).new(:name => 'f oo') + }.to raise_error(Puppet::Error, /Parameter name failed/) + end + + it 'should fail when there is no section' do + expect { + Puppet::Type.type(:designate_config).new(:name => 'foo') + }.to raise_error(Puppet::Error, /Parameter name failed/) + end + + it 'should not require a value when ensure is absent' do + Puppet::Type.type(:designate_config).new(:name => 'DEFAULT/foo', :ensure => :absent) + end + + it 'should accept a valid value' do + @designate_config[:value] = 'bar' + expect(@designate_config[:value]).to eq('bar') + end + + it 'should not accept a value with whitespace' do + @designate_config[:value] = 'b ar' + expect(@designate_config[:value]).to eq('b ar') + end + + it 'should accept valid ensure values' do + @designate_config[:ensure] = :present + expect(@designate_config[:ensure]).to eq(:present) + @designate_config[:ensure] = :absent + expect(@designate_config[:ensure]).to eq(:absent) + end + + it 'should not accept invalid ensure values' do + expect { + @designate_config[:ensure] = :latest + }.to raise_error(Puppet::Error, /Invalid value/) + end +end diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml new file mode 100644 index 0000000..76b5299 --- /dev/null +++ b/deployment_tasks.yaml @@ -0,0 +1,61 @@ +# These tasks will be merged into deployment graph. Here you +# can specify new tasks for any roles, even built-in ones. + +- id: designate + type: group + role: [designate] + requires: [deploy_start] + required_for: [deploy_end] + tasks: + - fuel_pkgs + - hiera + - globals + - logging + - tools + - netconfig + - hosts + - firewall + parameters: + strategy: + type: parallel + +- id: designate-haproxy + type: puppet + groups: ['primary-controller', 'controller'] + required_for: [task-designate, deploy_end] + requires: [deploy_start, cluster-haproxy] + parameters: + puppet_manifest: puppet/manifests/haproxy.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +- id: task-designate-db + type: puppet + groups: ['primary-controller', 'controller'] + required_for: [task-designate] + requires: [database] + parameters: + puppet_manifest: puppet/manifests/db.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +- id: designate-keystone + type: puppet + groups: ['primary-controller', 'controller'] + required_for: [task-designate] + requires: [keystone] + parameters: + puppet_manifest: puppet/manifests/keystone.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +- id: task-designate + type: puppet + groups: [designate] + required_for: [deploy_end] + requires: [deploy_start, designate-haproxy, task-designate-db, designate-keystone] + parameters: + puppet_manifest: puppet/manifests/designate.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + diff --git a/environment_config.yaml b/environment_config.yaml new file mode 100644 index 0000000..6bddde3 --- /dev/null +++ b/environment_config.yaml @@ -0,0 +1,8 @@ +attributes: + metadata: + label: "Designate Service" + weight: 90 + db_password: + generator: "password" + user_password: + generator: "password" \ No newline at end of file diff --git a/metadata.yaml b/metadata.yaml new file mode 100644 index 0000000..5222ef0 --- /dev/null +++ b/metadata.yaml @@ -0,0 +1,30 @@ +# Plugin name +name: fuel-plugin-designate +# Human-readable name for your plugin +title: Designate Service +# Plugin version +version: '1.0.0' +# Description +description: Designate in OpenStack +# Required fuel version +fuel_version: ['7.0'] +# Specify license of your plugin +licenses: ['Apache License Version 2.0'] +# Specify author or company name +authors: ['Venkata Jonnalagadda'] +# A link to the plugin's page +homepage: 'https://github.com/openstack/fuel-plugin-designate' +# Specify a group which your plugin implements, possible options: +# network, storage, storage::cinder, storage::glance, hypervisor +groups: [] + +# The plugin is compatible with releases in the list +releases: + - os: ubuntu + version: 2015.1.0-7.0 + mode: ['ha'] + deployment_scripts_path: deployment_scripts/ + repository_path: repositories/ubuntu + +# Version of plugin package +package_version: '3.0.0' diff --git a/network_roles.yaml b/network_roles.yaml new file mode 100644 index 0000000..035125d --- /dev/null +++ b/network_roles.yaml @@ -0,0 +1,11 @@ +# Unique network role name +- id: "designate/api" + # Role mapping to network + default_mapping: "management" + properties: + # Should be true if network role requires subnet being set + subnet: true + # Should be true if network role requires gateway being set + gateway: true + # List of VIPs to be allocated + vip: [] diff --git a/node_roles.yaml b/node_roles.yaml new file mode 100644 index 0000000..4fe7ed8 --- /dev/null +++ b/node_roles.yaml @@ -0,0 +1,16 @@ +designate: + # Role name + name: "Designate" + # Role description + description: "Designate" + # If primaty then during orchestration this role will be + # splitted into primary-role and role + has_primary: false + # Assign public IP to node if true + public_ip_required: false + # Weight that will be used to sort out the + # roles on the Fuel web UI + weight: 100 + update_required: + - designate + - controller diff --git a/pre_build_hook b/pre_build_hook new file mode 100755 index 0000000..f16e903 --- /dev/null +++ b/pre_build_hook @@ -0,0 +1,17 @@ +#!/bin/bash + +# Add here any the actions which are required before plugin build +# like packages building, packages downloading from mirrors and so on. +# The script should return 0 if there were no errors. + +set -eux + +ROOT="$(dirname `readlink -f $0`)" +MODULES_PATH="${ROOT}"/deployment_scripts/puppet/modules +DESIGNATE_PUPPET_MODULE="${MODULES_PATH}/designate" +TMP_DIR="${ROOT}"/tmp +mkdir -p "${DESIGNATE_PUPPET_MODULE}" +mkdir -p "${TMP_DIR}" +PUPPET_DESIGNATE_BRANCH="stable/kilo" +REPO_PATH="https://github.com/openstack/puppet-designate/tarball/${PUPPET_DESIGNATE_BRANCH}" +wget "$REPO_PATH" -O - | tar xz --strip-components=1 -C "${DESIGNATE_PUPPET_MODULE}" diff --git a/repositories/centos/.gitkeep b/repositories/centos/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/repositories/ubuntu/.gitkeep b/repositories/ubuntu/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/volumes.yaml b/volumes.yaml new file mode 100644 index 0000000..9316d6f --- /dev/null +++ b/volumes.yaml @@ -0,0 +1,8 @@ +volumes_roles_mapping: + # Default role mapping + fuel-plugin-designate: + - {allocate_size: "min", id: "os"} + - {allocate_size: "min", id: "logs"} + +# Set here new volumes for your role +volumes: []