Fix some issues for murano plugin

- create separate task for uploading murano package;
- add firewall for murano rabbit;

Closes-bug: #1593214
Closes-bug: #1593208

Change-Id: If268bc8414bfc72574c8aebdf75466ddfef7a9de

deployment_scripts/manifests/import_murano_package.pp

@@ -0,0 +1,3 @@
+notice('MURANO PLUGIN: import_murano_package.pp')
+
+murano::application { 'io.murano' : }

deployment_scripts/manifests/murano.pp

@@ -25,7 +25,6 @@ $use_stderr                 = hiera('use_stderr', false)
 $rabbit_ha_queues           = hiera('rabbit_ha_queues', false)
 $amqp_port                  = hiera('amqp_port')
 $amqp_hosts                 = hiera('amqp_hosts')
-$external_lb                = hiera('external_lb', false)
 
 $internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
 $internal_auth_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [hiera('keystone_endpoint', ''), $service_endpoint, $management_ip])
@@ -135,37 +134,4 @@ class { '::murano::api':
 include ::murano::engine
 include ::murano::client
 
-if $primary_murano {
-  murano::application { 'io.murano' : }
-}
-
-$haproxy_stats_url = "http://${management_ip}:10000/;csv"
-$murano_protocol = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'protocol', 'http')
-$murano_address  = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'hostname', [$service_endpoint, $management_ip])
-$murano_url      = "${murano_protocol}://${murano_address}:${api_bind_port}"
-$lb_defaults     = { 'provider' => 'haproxy', 'url' => $haproxy_stats_url }
-
-if $external_lb {
-  $lb_backend_provider = 'http'
-  $lb_url = $murano_url
-}
-
-$lb_hash = {
-  'murano-api' => {
-    name     => 'murano-api',
-    provider => $lb_backend_provider,
-    url      => $lb_url
-  }
-}
-
-class {'::osnailyfacter::wait_for_keystone_backends':} ->
-::osnailyfacter::wait_for_backend {'murano-api':
-  lb_hash     => $lb_hash,
-  lb_defaults => $lb_defaults
-}
-
-Service['murano-api'] ->
-  ::Osnailyfacter::Wait_for_backend['murano-api'] ->
-    Murano::Application['io.murano']
-
 Firewall[$firewall_rule] -> Class['murano::api']

deployment_scripts/manifests/murano_rabbitmq.pp

@@ -22,6 +22,15 @@ package { 'murano-rabbitmq':
   ensure => latest,
 }
 
+$firewall_rule = '203 murano-rabbitmq'
+include ::firewall
+firewall { $firewall_rule :
+  dport  => '55572',
+  proto  => 'tcp',
+  action => 'accept',
+  before => Service[$rabbit_service_name],
+}
+
 service { $rabbit_service_name :
   ensure => 'running',
   name   => $rabbit_service_name,

deployment_tasks.yaml

@@ -206,7 +206,7 @@
       $.get('default_log_levels'), $.get('use_syslog'),
       $.get('use_stderr'), $.get('rabbit_ha_queues'), $.get('amqp_port'),
       $.get('amqp_hosts'), $.external_dns, $.public_ssl, $.get('use_ssl'),
-      $.get('kombu_compression'), $.get('external_lb'), $.get('keystone_endpoint'))
+      $.get('kombu_compression'), $.get('keystone_endpoint'))
   required_for: [deploy_end]
   requires: [hosts]
   cross-depends:
@@ -303,6 +303,25 @@
     timeout: 120
 #####
 
+- id: import_murano_package
+  type: puppet
+  version: 2.1.0
+  groups: ['primary-murano-node', 'primary-controller']
+  condition:
+    yaql_exp: >
+      $.get('detach-murano', {}).get('metadata', {}).get('enabled', false) and
+      ($.roles.any($.matches('primary-murano-node')) or
+      not $.network_metadata.nodes.values().any(
+         ('primary-murano-node' in $.node_roles))) and
+      changedAny($.get('detach-murano').murano_glance_artifacts)
+  required_for: [post_deployment_end]
+  cross-depends:
+    - name: upload_cirros
+  parameters:
+    puppet_manifest: manifests/import_murano_package.pp
+    puppet_modules: /etc/puppet/modules:modules
+    timeout: 180
+
 # skip base murano tasks
 - id: murano
   type: skipped