188 lines
7.2 KiB
Puppet
188 lines
7.2 KiB
Puppet
notice('MODULAR: sahara.pp')
|
|
|
|
prepare_network_config(hiera_hash('network_scheme', {}))
|
|
|
|
$access_admin = hiera_hash('access_hash', {})
|
|
$sahara_hash = hiera_hash('sahara_hash', {})
|
|
$rabbit_hash = hiera_hash('rabbit_hash', {})
|
|
$public_ssl_hash = hiera('public_ssl')
|
|
$ceilometer_hash = hiera_hash('ceilometer_hash', {})
|
|
$primary_controller = hiera('primary_controller')
|
|
$public_vip = hiera('public_vip')
|
|
$database_vip = hiera('database_vip', undef)
|
|
$management_vip = hiera('management_vip')
|
|
$neutron_config = hiera_hash('neutron_config')
|
|
$use_neutron = hiera('use_neutron', false)
|
|
$service_endpoint = hiera('service_endpoint')
|
|
$syslog_log_facility_sahara = hiera('syslog_log_facility_sahara')
|
|
$debug = pick($sahara_hash['debug'], hiera('debug', false))
|
|
$verbose = pick($sahara_hash['verbose'], hiera('verbose', true))
|
|
$default_log_levels = hiera_hash('default_log_levels')
|
|
$use_syslog = hiera('use_syslog', true)
|
|
$use_stderr = hiera('use_stderr', false)
|
|
$rabbit_ha_queues = hiera('rabbit_ha_queues')
|
|
$amqp_port = hiera('amqp_port')
|
|
$amqp_hosts = hiera('amqp_hosts')
|
|
$external_lb = hiera('external_lb', false)
|
|
$ssl_hash = hiera_hash('use_ssl', {})
|
|
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
|
|
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
|
|
$internal_auth_url = "${internal_auth_protocol}://${internal_auth_address}:5000"
|
|
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
|
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
|
$admin_identity_uri = "${admin_identity_protocol}://${admin_identity_address}:35357"
|
|
|
|
#################################################################
|
|
|
|
if $sahara_hash['enabled'] {
|
|
$firewall_rule = '201 sahara-api'
|
|
$api_bind_port = '8386'
|
|
$api_bind_host = get_network_role_property('sahara/api', 'ipaddr')
|
|
$public_address = $public_ssl_hash['services'] ? {
|
|
true => $public_ssl_hash['hostname'],
|
|
default => $public_vip,
|
|
}
|
|
$public_protocol = $public_ssl_hash['services'] ? {
|
|
true => 'https',
|
|
default => 'http',
|
|
}
|
|
$sahara_user = pick($sahara_hash['user'], 'sahara')
|
|
$sahara_password = pick($sahara_hash['user_password'])
|
|
$tenant = pick($sahara_hash['tenant'], 'services')
|
|
$db_user = pick($sahara_hash['db_user'], 'sahara')
|
|
$db_name = pick($sahara_hash['db_name'], 'sahara')
|
|
$db_password = pick($sahara_hash['db_password'])
|
|
$db_host = pick($sahara_hash['db_host'], $database_vip)
|
|
$max_pool_size = min($::processorcount * 5 + 0, 30 + 0)
|
|
$max_overflow = min($::processorcount * 5 + 0, 60 + 0)
|
|
$max_retries = '-1'
|
|
$idle_timeout = '3600'
|
|
$read_timeout = '60'
|
|
$sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?read_timeout=${read_timeout}"
|
|
|
|
####### Disable upstart startup on install #######
|
|
tweaks::ubuntu_service_override { 'sahara-api':
|
|
package_name => 'sahara',
|
|
}
|
|
|
|
firewall { $firewall_rule :
|
|
dport => $api_bind_port,
|
|
proto => 'tcp',
|
|
action => 'accept',
|
|
}
|
|
|
|
class { 'sahara' :
|
|
host => $api_bind_host,
|
|
port => $api_bind_port,
|
|
verbose => $verbose,
|
|
debug => $debug,
|
|
use_syslog => $use_syslog,
|
|
use_stderr => $use_stderr,
|
|
plugins => [ 'ambari', 'cdh', 'mapr', 'spark', 'vanilla' ],
|
|
log_facility => $syslog_log_facility_sahara,
|
|
database_connection => $sql_connection,
|
|
database_max_pool_size => $max_pool_size,
|
|
database_max_overflow => $max_overflow,
|
|
database_max_retries => $max_retries,
|
|
database_idle_timeout => $idle_timeout,
|
|
sync_db => $primary_controller,
|
|
auth_uri => "${internal_auth_url}/v2.0/",
|
|
identity_uri => $admin_identity_uri,
|
|
rpc_backend => 'rabbit',
|
|
use_neutron => $use_neutron,
|
|
admin_user => $sahara_user,
|
|
admin_password => $sahara_password,
|
|
admin_tenant_name => $tenant,
|
|
rabbit_userid => $rabbit_hash['user'],
|
|
rabbit_password => $rabbit_hash['password'],
|
|
rabbit_ha_queues => $rabbit_ha_queues,
|
|
rabbit_port => $amqp_port,
|
|
rabbit_hosts => split($amqp_hosts, ',')
|
|
}
|
|
|
|
if $public_ssl_hash['services'] {
|
|
file { '/etc/pki/tls/certs':
|
|
mode => 755,
|
|
}
|
|
|
|
file { '/etc/pki/tls/certs/public_haproxy.pem':
|
|
mode => 644,
|
|
}
|
|
|
|
sahara_config {
|
|
'object_store_access/public_identity_ca_file': value => '/etc/pki/tls/certs/public_haproxy.pem';
|
|
'object_store_access/public_object_store_ca_file': value => '/etc/pki/tls/certs/public_haproxy.pem';
|
|
}
|
|
}
|
|
|
|
class { 'sahara::service::api': }
|
|
|
|
class { 'sahara::service::engine': }
|
|
|
|
class { 'sahara::client': }
|
|
|
|
if $ceilometer_hash['enabled'] {
|
|
class { '::sahara::notify':
|
|
enable_notifications => true,
|
|
}
|
|
}
|
|
|
|
$haproxy_stats_url = "http://${management_vip}:10000/;csv"
|
|
|
|
if $external_lb {
|
|
Haproxy_backend_status<||> {
|
|
provider => 'http',
|
|
}
|
|
$sahara_protocol = get_ssl_property($ssl_hash, {}, 'sahara', 'internal', 'protocol', 'http')
|
|
$sahara_address = get_ssl_property($ssl_hash, {}, 'sahara', 'internal', 'hostname', [$service_endpoint, $management_vip])
|
|
$sahara_url = "${sahara_protocol}://${sahara_address}:${api_bind_port}"
|
|
}
|
|
|
|
haproxy_backend_status { 'sahara' :
|
|
name => 'sahara',
|
|
url => $external_lb ? {
|
|
default => $haproxy_stats_url,
|
|
true => $sahara_url,
|
|
},
|
|
}
|
|
|
|
if $primary_controller {
|
|
|
|
haproxy_backend_status { 'keystone-public' :
|
|
name => 'keystone-1',
|
|
url => $external_lb ? {
|
|
default => $haproxy_stats_url,
|
|
true => $internal_auth_url,
|
|
},
|
|
}
|
|
|
|
haproxy_backend_status { 'keystone-admin' :
|
|
name => 'keystone-2',
|
|
url => $external_lb ? {
|
|
default => $haproxy_stats_url,
|
|
true => $admin_identity_uri,
|
|
},
|
|
}
|
|
|
|
class { 'sahara_templates::create_templates' :
|
|
use_neutron => $use_neutron,
|
|
auth_user => $access_admin['user'],
|
|
auth_password => $access_admin['password'],
|
|
auth_tenant => $access_admin['tenant'],
|
|
auth_uri => "${public_protocol}://${public_address}:5000/v2.0/",
|
|
internal_net => try_get_value($neutron_config, 'default_private_net', 'admin_internal_net'),
|
|
}
|
|
|
|
Haproxy_backend_status['keystone-admin'] -> Haproxy_backend_status['sahara']
|
|
Haproxy_backend_status['keystone-public'] -> Haproxy_backend_status['sahara']
|
|
Haproxy_backend_status['sahara'] -> Class['sahara_templates::create_templates']
|
|
}
|
|
|
|
Firewall[$firewall_rule] -> Class['sahara::service::api']
|
|
Service['sahara-api'] -> Haproxy_backend_status['sahara']
|
|
}
|
|
#########################
|
|
|
|
class openstack::firewall {}
|
|
include openstack::firewall
|