Define new role infrastructure_alerting

Change-Id: I700c59c350942776b150d8f9c59bc0b92f3d037d
2015-09-02 18:03:59 +02:00 · 2015-09-02 18:03:59 +02:00 · a0528556f8
parent e2d97b5b3e
commit a0528556f8
6 changed files with 188 additions and 184 deletions
--- a/deployment_scripts/puppet/manifests/firewall.pp
+++ b/deployment_scripts/puppet/manifests/firewall.pp
@ -12,46 +12,41 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 #
-$plugin = hiera('lma_infrastructure_alerting')
-$user_node_name = hiera('user_node_name')

-if $plugin['node_name'] == $user_node_name {
+class {'::firewall':}

-  class {'::firewall':}
-
-  firewall { '000 accept all icmp requests':
-    proto  => 'icmp',
-    action => 'accept',
-  }
-
-  firewall { '001 accept all to lo interface':
-    proto   => 'all',
-    iniface => 'lo',
-    action  => 'accept',
-  }
-
-  firewall { '002 accept related established rules':
-    proto  => 'all',
-    state  => ['RELATED', 'ESTABLISHED'],
-    action => 'accept',
-  }
-
-  firewall {'020 ssh':
-    port   => 22,
-    proto  => 'tcp',
-    action => 'accept',
-  }
-
-  firewall { '300 nagios cgi':
-    # Important: must match the $lma_infra_alerting::params::nagios_http_port
-    port   => 8001,
-    proto  => 'tcp',
-    action => 'accept',
-  }
-
-  firewall { '999 drop all other requests':
-    proto  => 'all',
-    chain  => 'INPUT',
-    action => 'drop',
-  }
+firewall { '000 accept all icmp requests':
+  proto  => 'icmp',
+  action => 'accept',
+}
+
+firewall { '001 accept all to lo interface':
+  proto   => 'all',
+  iniface => 'lo',
+  action  => 'accept',
+}
+
+firewall { '002 accept related established rules':
+  proto  => 'all',
+  state  => ['RELATED', 'ESTABLISHED'],
+  action => 'accept',
+}
+
+firewall {'020 ssh':
+  port   => 22,
+  proto  => 'tcp',
+  action => 'accept',
+}
+
+firewall { '300 nagios cgi':
+  # Important: must match the $lma_infra_alerting::params::nagios_http_port
+  port   => 8001,
+  proto  => 'tcp',
+  action => 'accept',
+}
+
+firewall { '999 drop all other requests':
+  proto  => 'all',
+  chain  => 'INPUT',
+  action => 'drop',
 }
--- a/deployment_scripts/puppet/manifests/nagios.pp
+++ b/deployment_scripts/puppet/manifests/nagios.pp
@ -43,139 +43,138 @@ if $storage_options['objects_ceph']{
  $services['openstack.swift.status'] = true
 }

-if $plugin['node_name'] == hiera('user_node_name') {
-  class { 'lma_infra_alerting':
-    openstack_deployment_name  => $env_id,
-    openstack_management_vip   => $management_vip,
-    additional_services        => keys($services),
-    # UI password
-    password                   => $password,
-  }
+class { 'lma_infra_alerting':
+  openstack_deployment_name  => $env_id,
+  openstack_management_vip   => $management_vip,
+  additional_services        => keys($services),
+  # UI password
+  password                   => $password,
+}

-  class { 'lma_infra_alerting::nagios::contact':
-    send_to         => $send_to,
-    send_from       => $send_from,
-    smtp_host       => $smtp_host,
-    smtp_auth       => $smtp_auth,
-    smtp_user       => $smtp_user,
-    smtp_password   => $smtp_password,
-    notify_warning  => $notify_warning,
-    notify_critical => $notify_critical,
-    notify_recovery => $notify_recovery,
-    notify_unknown  => $notify_unknown,
-    require         => Class['lma_infra_alerting'],
-  }
+class { 'lma_infra_alerting::nagios::contact':
+  send_to         => $send_to,
+  send_from       => $send_from,
+  smtp_host       => $smtp_host,
+  smtp_auth       => $smtp_auth,
+  smtp_user       => $smtp_user,
+  smtp_password   => $smtp_password,
+  notify_warning  => $notify_warning,
+  notify_critical => $notify_critical,
+  notify_recovery => $notify_recovery,
+  notify_unknown  => $notify_unknown,
+  require         => Class['lma_infra_alerting'],
+}

-  $nodes_hash = hiera('nodes', {})
-  $primary_controller_nodes = filter_nodes($nodes_hash,'role','primary-controller')
-  $controller_nodes = filter_nodes($nodes_hash,'role','controller')
-  $all_controller_nodes = concat($primary_controller_nodes, $controller_nodes)
+$nodes_hash = hiera('nodes', {})
+$primary_controller_nodes = filter_nodes($nodes_hash,'role','primary-controller')
+$controller_nodes = filter_nodes($nodes_hash,'role','controller')
+$all_controller_nodes = concat($primary_controller_nodes, $controller_nodes)

-  $compute_nodes = filter_nodes($nodes_hash,'role','compute')
-  $cinder_nodes = filter_nodes($nodes_hash,'role','cinder')
-  $base_os_nodes = filter_nodes($nodes_hash,'role','base-os')
-  $osd_nodes = filter_nodes($nodes_hash, 'role', 'ceph-osd')
+$compute_nodes = filter_nodes($nodes_hash,'role','compute')
+$cinder_nodes = filter_nodes($nodes_hash,'role','cinder')
+$base_os_nodes = filter_nodes($nodes_hash,'role','base-os')
+$osd_nodes = filter_nodes($nodes_hash, 'role', 'ceph-osd')

-  $all_nodes = {}
-  if !empty($all_controller_nodes){
-    $all_nodes['controller'] = $all_controller_nodes
-  }
+$all_nodes = {}
+if !empty($all_controller_nodes){
+  $all_nodes['controller'] = $all_controller_nodes
+}

-  if !empty($compute_nodes){
-    $all_nodes['compute'] = $compute_nodes
-  }
-  if !empty($cinder_nodes){
-    $all_nodes['cinder'] = $cinder_nodes
-  }
-  if !empty($base_os_nodes){
-    $all_nodes['base-os'] = $base_os_nodes
-  }
-  if !empty($osd_nodes){
-    $all_nodes['ceph-osd'] = $osd_nodes
-  }
+if !empty($compute_nodes){
+  $all_nodes['compute'] = $compute_nodes
+}
+if !empty($cinder_nodes){
+  $all_nodes['cinder'] = $cinder_nodes
+}
+if !empty($base_os_nodes){
+  $all_nodes['base-os'] = $base_os_nodes
+}
+if !empty($osd_nodes){
+  $all_nodes['ceph-osd'] = $osd_nodes
+}

-  class { 'lma_infra_alerting::nagios::hosts':
-    hosts                  => $all_nodes,
-    host_name_key          => 'name',
-    host_address_key       => 'internal_address',
-    host_display_name_keys => ['name', 'user_node_name'],
-    host_custom_vars_keys  => ['internal_address', 'private_address',
-                              'public_address', 'storage_address',
-                              'fqdn', 'role'],
-    require                => Class[lma_infra_alerting],
-  }
+class { 'lma_infra_alerting::nagios::hosts':
+  hosts                  => $all_nodes,
+  host_name_key          => 'name',
+  host_address_key       => 'internal_address',
+  host_display_name_keys => ['name', 'user_node_name'],
+  host_custom_vars_keys  => ['internal_address', 'private_address',
+                            'public_address', 'storage_address',
+                            'fqdn', 'role'],
+  require                => Class[lma_infra_alerting],
+}


-  # Nodes have private IPs only with GRE segmentation
-  $network_config = hiera('quantum_settings')
-  $segmentation_type = $network_config['L2']['segmentation_type']
-  if $segmentation_type == 'gre' {
-    $private_network = true
-  } else {
-    $private_network = false
-  }
+# Nodes have private IPs only with GRE segmentation
+$network_config = hiera('quantum_settings')
+$segmentation_type = $network_config['L2']['segmentation_type']
+if $segmentation_type == 'gre' {
+  $private_network = true
+} else {
+  $private_network = false
+}

-  # Configure SSH checks
-  lma_infra_alerting::nagios::check_ssh { 'management':
-    hostgroups => keys($all_nodes),
-    require    => Class[lma_infra_alerting],
-  }
+# Configure SSH checks
+lma_infra_alerting::nagios::check_ssh { 'management':
+  hostgroups => keys($all_nodes),
+  require    => Class[lma_infra_alerting],
+}

-  lma_infra_alerting::nagios::check_ssh { 'storage':
+lma_infra_alerting::nagios::check_ssh { 'storage':
+  hostgroups         => keys($all_nodes),
+  custom_var_address => 'storage_address',
+  require            => Class[lma_infra_alerting],
+}
+
+if $private_network {
+  lma_infra_alerting::nagios::check_ssh { 'private':
    hostgroups         => keys($all_nodes),
-    custom_var_address => 'storage_address',
+    custom_var_address => 'private_address',
    require            => Class[lma_infra_alerting],
  }
+}

-  if $private_network {
-    lma_infra_alerting::nagios::check_ssh { 'private':
-      hostgroups         => keys($all_nodes),
-      custom_var_address => 'private_address',
-      require            => Class[lma_infra_alerting],
-    }
+# Configure Grafana and InfluxDB checks
+$influxdb_grafana = hiera('influxdb_grafana', {})
+$influxdb_node_name = $influxdb_grafana['node_name']
+$influxdb_nodes = filter_nodes(hiera('nodes'), 'user_node_name', $influxdb_node_name)
+if ! empty($influxdb_nodes){
+  lma_infra_alerting::nagios::check_http { 'Grafana':
+     host_name                  => $influxdb_nodes[0]['name'],
+     port                       => $lma_infra_alerting::params::grafana_port,
+     url                        => '/login',
+     custom_var_address         => 'internal_address',
+     string_expected_in_content => 'grafana',
  }
-
-  # Configure Grafana and InfluxDB checks
-  $influxdb_grafana = hiera('influxdb_grafana', {})
-  $influxdb_node_name = $influxdb_grafana['node_name']
-  $influxdb_nodes = filter_nodes(hiera('nodes'), 'user_node_name', $influxdb_node_name)
-  if ! empty($influxdb_nodes){
-    lma_infra_alerting::nagios::check_http { 'Grafana':
-       host_name                  => $influxdb_nodes[0]['name'],
-       port                       => $lma_infra_alerting::params::grafana_port,
-       url                        => '/login',
-       custom_var_address         => 'internal_address',
-       string_expected_in_content => 'grafana',
-    }
-    lma_infra_alerting::nagios::check_http { 'InfluxDB':
-       host_name                  => $influxdb_nodes[0]['name'],
-       port                       => $lma_infra_alerting::params::influxdb_port,
-       url                        => '/ping',
-       custom_var_address         => 'internal_address',
-       string_expected_in_status  => '204 No Content',
-       string_expected_in_headers => 'X-Influxdb-Version',
-    }
-  }
-
-  # Configure Elasticsearch and Kibana checks
-  $es_kibana = hiera('elasticsearch_kibana', {})
-  $es_node_name = $es_kibana['node_name']
-  $es_kibana_nodes = filter_nodes(hiera('nodes'), 'user_node_name', $es_node_name)
-  if ! empty($es_kibana_nodes){
-    lma_infra_alerting::nagios::check_http { 'Kibana':
-       host_name                  => $es_kibana_nodes[0]['name'],
-       port                       => $lma_infra_alerting::params::kibana_port,
-       url                        => '/',
-       custom_var_address         => 'internal_address',
-       string_expected_in_content => 'Kibana 3',
-    }
-
-    lma_infra_alerting::nagios::check_http { 'Elasticsearch':
-       host_name                  => $es_kibana_nodes[0]['name'],
-       port                       => $lma_infra_alerting::params::elasticserach_port,
-       url                        => '/',
-       custom_var_address         => 'internal_address',
-       string_expected_in_content => '"status" : 200',
-    }
+  lma_infra_alerting::nagios::check_http { 'InfluxDB':
+     host_name                  => $influxdb_nodes[0]['name'],
+     port                       => $lma_infra_alerting::params::influxdb_port,
+     url                        => '/ping',
+     custom_var_address         => 'internal_address',
+     string_expected_in_status  => '204 No Content',
+     string_expected_in_headers => 'X-Influxdb-Version',
  }
 }
+
+# Configure Elasticsearch and Kibana checks
+$es_kibana = hiera('elasticsearch_kibana', {})
+$es_node_name = $es_kibana['node_name']
+$es_kibana_nodes = filter_nodes(hiera('nodes'), 'user_node_name', $es_node_name)
+if ! empty($es_kibana_nodes){
+  lma_infra_alerting::nagios::check_http { 'Kibana':
+     host_name                  => $es_kibana_nodes[0]['name'],
+     port                       => $lma_infra_alerting::params::kibana_port,
+     url                        => '/',
+     custom_var_address         => 'internal_address',
+     string_expected_in_content => 'Kibana 3',
+  }
+
+  lma_infra_alerting::nagios::check_http { 'Elasticsearch':
+     host_name                  => $es_kibana_nodes[0]['name'],
+     port                       => $lma_infra_alerting::params::elasticserach_port,
+     url                        => '/',
+     custom_var_address         => 'internal_address',
+     string_expected_in_content => '"status" : 200',
+  }
+}
+
--- a/deployment_tasks.yaml
+++ b/deployment_tasks.yaml
@ -0,0 +1,13 @@
+- id: infrastructure_alerting
+  type: group
+  role: [infrastructure_alerting]
+  tasks:
+    - hiera
+    - globals
+    - logging
+    - netconfig
+  required_for: [deploy_end]
+  requires: [deploy_start]
+  parameters:
+    strategy:
+      type: parallel
--- a/environment_config.yaml
+++ b/environment_config.yaml
@ -1,21 +1,13 @@
 attributes:
-  node_name:
-    value: 'alerting'
-    label: "Node name"
-    description: 'The name of the node where the plugin will be deployed.'
-    weight: 30
-    type: "text"
-    regex: &not_empty
-      source: '\S'
-      error: "Invalid value"
-
  nagios_password:
    value: 'r00tme'
    label: 'Nagios HTTP password'
    description: 'The password to access the Nagios Web Interface (username: "nagiosadmin")'
    weight: 42
    type: "password"
-    regex: *not_empty
+    regex:
+      source: '\S'
+      error: "Invalid value"

  send_to:
    value: ''
--- a/node_roles.yaml
+++ b/node_roles.yaml
@ -0,0 +1,13 @@
+infrastructure_alerting:
+  name: 'LMA Infrastructure Alerting'
+  description: 'Install services for the infrastructure alerting'
+  has_primary: false
+  public_ip_required: false
+  weight: 100
+  limits:
+    max: 1
+  conflicts:
+    - controller
+    - compute
+    - cinder
+    - ceph-osd
--- a/tasks.yaml
+++ b/tasks.yaml
@ -1,24 +1,16 @@
-# TODO: check environment coherence
 # The following tasks are executed in the order they are declared
- role: ['base-os']
-  stage: post_deployment/8100
-  type: puppet
-  parameters:
-    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/netconfig/netconfig.pp
-    puppet_modules: /etc/puppet/modules
-    timeout: 720
-
-# The following tasks are executed in the order they are declared
- role: ['base-os']
-  stage: post_deployment/8100
+# Priorities are important, this ensure that this plugin is deployed after
+# LMA Collector, InfluxDB and Elasticsearch.
+- role: [infrastructure_alerting]
+  stage: post_deployment/8101
  type: puppet
  parameters:
    puppet_manifest: puppet/manifests/firewall.pp
    puppet_modules: /etc/puppet/modules
    timeout: 600

- role: ['base-os']
-  stage: post_deployment/8100
+- role: [infrastructure_alerting]
+  stage: post_deployment/8101
  type: puppet
  parameters:
    puppet_manifest: puppet/manifests/nagios.pp