openstack
/
puppet-openstack-integration
Code Issues Proposed changes

Add support for dual oslo.messaging backend configuration 

Introduce configuration parameters to specify the oslo.messaging
rpc or notification backend as one of rabbit, amqp. The default
config is to use rabbit broker for both rpc and notification. Selection
of amqp for rpc will use brokerless qpid-dispatch router.

This patch:
* Adds notification_transport_url parameter across services where needed
* Adds rpc and notification parameters to config
* Adds qdr for rpc amqp1 configuration
* Modifies scenario001 for dual messaging backends
* supports ssl config

Depends-On: Id6ebc4ce8b0ffdb0be92a758dbf89c84c3274725
Change-Id: Ia2a79a2e1482f6f72426bc81c8e6d2a04cb211e3
This commit is contained in:
Andrew Smith 2017-01-06 08:57:09 -05:00
parent 14cd7a6b24
commit c82f5689cb
21 changed files with 459 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -73,6 +73,8 @@ scenario](#all-in-one).
| bgpvpn-api | | | | X | |
| redis | X | | | | |
| l2gw | | | | X | |
| om rpc | amqp1 | rabbit | rabbit | rabbit | rabbit |
| om notify | rabbit | rabbit | rabbit | rabbit | rabbit |
When the Jenkins slave is created, the *run_tests.sh* script will be executed.
This script will execute *install_modules.sh* that prepare /etc/puppet/modules

8
copy_logs.sh
View File

@ -172,6 +172,14 @@ if [ -f ${redis_logs} ]; then
sudo cp ${redis_logs} $LOG_DIR/redis.log.txt
fi
if [ -f /var/log/qdrouterd/qdrouterd.log ]; then
sudo cp /var/log/qdrouterd/qdrouterd.log $LOG_DIR/qdrouterd.log.txt
if [ -f /etc/qpid-dispatch/qdrouterd.conf ]; then
mkdir $LOG_DIR/qdrouterd_config
sudo cp /etc/qpid-dispatch/qdrouterd.conf $LOG_DIR/qdrouterd_config/qdrouterd.conf.txt
fi
fi
if [ -f /var/log/audit/audit.log ]; then
sudo cp /var/log/audit/audit.log $LOG_DIR/audit.log.txt
fi

13
fixtures/scenario001.pp
View File

@ -21,11 +21,15 @@ case $::osfamily {
# https://bugs.launchpad.net/cloud-archive/+bug/1535740
$enable_vitrage = false
$enable_legacy_telemetry = true
$om_rpc = 'rabbit'
$om_notify = 'rabbit'
}
'RedHat': {
$ipv6 = true
$enable_vitrage = true
$enable_legacy_telemetry = false
$om_rpc = 'amqp'
$om_notify = 'rabbit'
}
default: {
fail("Unsupported osfamily (${::osfamily})")
@ -42,12 +46,17 @@ if ($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemmajrelease
include ::openstack_integration
class { '::openstack_integration::config':
ssl => $ssl_enabled,
ipv6 => $ipv6,
ssl => $ssl_enabled,
ipv6 => $ipv6,
rpc_backend => $om_rpc,
notify_backend => $om_notify,
}
include ::openstack_integration::cacert
include ::openstack_integration::memcached
include ::openstack_integration::rabbitmq
if ($om_rpc == 'amqp') {
include ::openstack_integration::qdr
}
include ::openstack_integration::mysql
class { '::openstack_integration::keystone':
# NOTE(sileht):zTelemetry autoscaling tempest tests can't renew token, so we

30
manifests/aodh.pp
View File

@ -17,6 +17,14 @@ class openstack_integration::aodh {
require => Class['::rabbitmq'],
}
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'aodh':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'aodh':
notify => Service['httpd'],
@ -33,17 +41,25 @@ class openstack_integration::aodh {
$gnocchi_url = undef
}
class { '::aodh':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'aodh',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
debug => true,
database_connection => 'mysql+pymysql://aodh:aodh@127.0.0.1/aodh?charset=utf8',
gnocchi_url => $gnocchi_url,
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'aodh',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
debug => true,
database_connection => 'mysql+pymysql://aodh:aodh@127.0.0.1/aodh?charset=utf8',
gnocchi_url => $gnocchi_url,
}
class { '::aodh::db::mysql':
password => 'aodh',

19
manifests/barbican.pp
View File

@ -18,6 +18,14 @@ class openstack_integration::barbican {
}
Rabbitmq_user_permissions['barbican@/'] -> Service<| tag == 'barbican-service' |>
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'barbican':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'barbican':
notify => Service['httpd'],
@ -53,9 +61,16 @@ class openstack_integration::barbican {
}
class { '::barbican::api':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'barbican',
'password' => 'an_even_bigger_secret',
}),
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'barbican',
'password' => 'an_even_bigger_secret',
}),

30
manifests/ceilometer.pp
View File

@ -26,6 +26,14 @@ class openstack_integration::ceilometer (
require => Class['::rabbitmq'],
}
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'ceilometer':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'ceilometer':
notify => Service['httpd'],
@ -35,17 +43,25 @@ class openstack_integration::ceilometer (
}
class { '::ceilometer':
telemetry_secret => 'secrete',
default_transport_url => os_transport_url({
'transport' => 'rabbit',
telemetry_secret => 'secrete',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'ceilometer',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
memcached_servers => $::openstack_integration::config::memcached_servers,
debug => true,
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'ceilometer',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
memcached_servers => $::openstack_integration::config::memcached_servers,
debug => true,
}
class { '::ceilometer::keystone::auth':

22
manifests/cinder.pp
View File

@ -36,6 +36,14 @@ class openstack_integration::cinder (
require => Class['::rabbitmq'],
}
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'cinder':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'cinder':
notify => Service['httpd'],
@ -60,16 +68,26 @@ class openstack_integration::cinder (
}
class { '::cinder':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'cinder',
'password' => 'an_even_bigger_secret',
}),
database_connection => 'mysql+pymysql://cinder:cinder@127.0.0.1/cinder?charset=utf8',
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
debug => true,
}
class { '::cinder::ceilometer':
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'cinder',
'password' => 'an_even_bigger_secret',
}),
}
if $volume_encryption {
$keymgr_api_class = 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
$keymgr_encryption_api_url = "${::openstack_integration::config::base_url}:9311"

46
manifests/config.pp
View File

@ -8,24 +8,52 @@
# (optional) Boolean to enable or not IPv6.
# Defaults to false.
#
# [*rpc_backend*]
# (optional) The oslo.messaging backend to configure for rpc.
# Possible values include rabbit, amqp
# Defaults to 'rabbit'.
#
# [*notify_backend*]
# (optional) The oslo.messaging backend to configure for notify.
# Defaults to 'rabbit'.
#
class openstack_integration::config (
$ssl = false,
$ipv6 = false,
$ssl = false,
$ipv6 = false,
$rpc_backend = 'rabbit',
$notify_backend = 'rabbit',
) {
$messaging_default_proto = $rpc_backend
$messaging_notify_proto = $notify_backend
if $ssl {
$rabbit_port = '5671'
$proto = 'https'
$proto = 'https'
if $rpc_backend == 'amqp' {
$messaging_default_port = '31459'
} else {
$messaging_default_port = '5671'
}
$messaging_notify_port = '5671'
} else {
$rabbit_port = '5672'
$proto = 'http'
$proto = 'http'
if $rpc_backend == 'amqp' {
$messaging_default_port = '31459'
} else {
$messaging_default_port = '5672'
}
$messaging_notify_port = '5672'
}
$rabbit_port = $messaging_notify_port
if $ipv6 {
$host = '::1'
$rabbit_env = {
'RABBITMQ_NODE_IP_ADDRESS' => $host,
'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"',
if $rpc_backend == 'rabbit' {
$rabbit_env = {
'RABBITMQ_NODE_IP_ADDRESS' => $host,
'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"',
}
}
$ip_version = '6'
# Note (dmsimard): ipv6 parsing in Swift and keystone_authtoken are

25
manifests/glance.pp
View File

@ -39,6 +39,14 @@ class openstack_integration::glance (
require => Class['::rabbitmq'],
}
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'glance':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
class { '::glance::db::mysql':
password => 'glance',
}
@ -101,15 +109,22 @@ class openstack_integration::glance (
enable_v2_api => true,
}
class { '::glance::notify::rabbitmq':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'glance',
'password' => 'an_even_bigger_secret',
}),
notification_driver => 'messagingv2',
rabbit_use_ssl => $::openstack_integration::config::ssl,
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'glance',
'password' => 'an_even_bigger_secret',
}),
notification_driver => 'messagingv2',
rabbit_use_ssl => $::openstack_integration::config::ssl,
}
}

28
manifests/heat.pp
View File

@ -18,6 +18,14 @@ class openstack_integration::heat {
}
Rabbitmq_user_permissions['heat@/'] -> Service<| tag == 'heat-service' |>
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'heat':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'heat':
require => Package['heat-common'],
@ -40,16 +48,24 @@ class openstack_integration::heat {
memcached_servers => $::openstack_integration::config::memcached_servers,
}
class { '::heat':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'heat',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
database_connection => 'mysql+pymysql://heat:heat@127.0.0.1/heat?charset=utf8',
debug => true,
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'heat',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
database_connection => 'mysql+pymysql://heat:heat@127.0.0.1/heat?charset=utf8',
debug => true,
}
class { '::heat::db::mysql':
password => 'heat',

13
manifests/ironic.pp
View File

@ -28,15 +28,24 @@ class openstack_integration::ironic {
# https://bugs.launchpad.net/ironic/+bug/1564075
Rabbitmq_user_permissions['ironic@/'] -> Service<| tag == 'ironic-service' |>
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'ironic':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
class { '::ironic':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'ironic',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
database_connection => 'mysql+pymysql://ironic:ironic@127.0.0.1/ironic?charset=utf8',
debug => true,
}

75
manifests/keystone.pp
View File

@ -30,6 +30,29 @@ class openstack_integration::keystone (
include ::openstack_integration::config
include ::openstack_integration::params
rabbitmq_user { 'keystone':
admin => true,
password => 'an_even_bigger_secret',
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
rabbitmq_user_permissions { 'keystone@/':
configure_permission => '.*',
write_permission => '.*',
read_permission => '.*',
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
Rabbitmq_user_permissions['keystone@/'] -> Service<| tag == 'keystone-service' |>
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'keystone':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'keystone':
notify => Service['httpd'],
@ -62,23 +85,41 @@ class openstack_integration::keystone (
password => 'keystone',
}
class { '::keystone':
debug => true,
database_connection => 'mysql+pymysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'a_big_token',
admin_password => 'a_big_secret',
enabled => true,
service_name => 'httpd',
default_domain => $default_domain,
using_domain_config => $using_domain_config,
enable_ssl => $::openstack_integration::config::ssl,
public_bind_host => $::openstack_integration::config::host,
admin_bind_host => $::openstack_integration::config::host,
manage_policyrcd => true,
token_provider => $token_provider,
enable_fernet_setup => $enable_fernet_setup,
enable_credential_setup => $enable_credential_setup,
fernet_max_active_keys => '4',
token_expiration => $token_expiration,
debug => true,
database_connection => 'mysql+pymysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'a_big_token',
admin_password => 'a_big_secret',
enabled => true,
service_name => 'httpd',
default_domain => $default_domain,
using_domain_config => $using_domain_config,
enable_ssl => $::openstack_integration::config::ssl,
public_bind_host => $::openstack_integration::config::host,
admin_bind_host => $::openstack_integration::config::host,
manage_policyrcd => true,
token_provider => $token_provider,
enable_fernet_setup => $enable_fernet_setup,
enable_credential_setup => $enable_credential_setup,
fernet_max_active_keys => '4',
token_expiration => $token_expiration,
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'keystone',
'password' => 'an_even_bigger_secret',
}),
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'keystone',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
}
class { '::keystone::messaging::amqp':
amqp_sasl_mechanisms => 'PLAIN',
}
include ::apache
class { '::keystone::wsgi::apache':

12
manifests/mistral.pp
View File

@ -19,6 +19,14 @@ class openstack_integration::mistral {
}
Rabbitmq_user_permissions['mistral@/'] -> Service<| tag == 'mistral-service' |>
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'mistral':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::osfamily == 'RedHat' {
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'mistral':
@ -29,9 +37,9 @@ class openstack_integration::mistral {
}
class { '::mistral':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'mistral',
'password' => 'an_even_bigger_secret',
}),

12
manifests/murano.pp
View File

@ -23,6 +23,14 @@ class openstack_integration::murano {
require => [ Class['::rabbitmq'], Rabbitmq_vhost['/murano'] ],
}
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'murano':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'murano':
require => Package['murano-common'],
@ -43,9 +51,9 @@ class openstack_integration::murano {
class { '::murano':
admin_password => 'a_big_secret',
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'murano',
'password' => 'an_even_bigger_secret',
}),

40
manifests/neutron.pp
View File

@ -46,6 +46,14 @@ class openstack_integration::neutron (
}
Rabbitmq_user_permissions['neutron@/'] -> Service<| tag == 'neutron-service' |>
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'neutron':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
case $driver {
'openvswitch': {
include ::vswitch::ovs
@ -132,22 +140,30 @@ class openstack_integration::neutron (
$plugins_list = delete_undef_values(['router', 'metering', 'firewall', 'lbaasv2', $bgpvpn_plugin, $l2gw_plugin])
class { '::neutron':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'neutron',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
allow_overlapping_ips => true,
core_plugin => 'ml2',
service_plugins => $plugins_list,
debug => true,
bind_host => $::openstack_integration::config::host,
use_ssl => $::openstack_integration::config::ssl,
cert_file => $::openstack_integration::params::cert_path,
key_file => "/etc/neutron/ssl/private/${::fqdn}.pem",
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'neutron',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
allow_overlapping_ips => true,
core_plugin => 'ml2',
service_plugins => $plugins_list,
debug => true,
bind_host => $::openstack_integration::config::host,
use_ssl => $::openstack_integration::config::ssl,
cert_file => $::openstack_integration::params::cert_path,
key_file => "/etc/neutron/ssl/private/${::fqdn}.pem",
}
class { '::neutron::client': }
class { '::neutron::keystone::authtoken':

26
manifests/nova.pp
View File

@ -36,10 +36,18 @@ class openstack_integration::nova (
Exec['update-ca-certificates'] ~> Service['httpd']
}
$transport_url = os_transport_url({
'transport' => 'rabbit',
$default_transport_url = os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'nova',
'password' => 'an_even_bigger_secret',
})
$notification_transport_url = os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'nova',
'password' => 'an_even_bigger_secret',
})
@ -59,6 +67,14 @@ class openstack_integration::nova (
}
Rabbitmq_user_permissions['nova@/'] -> Service<| tag == 'nova-service' |>
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'nova':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
class { '::nova::db::mysql':
password => 'nova',
}
@ -101,11 +117,13 @@ class openstack_integration::nova (
memcached_servers => $::openstack_integration::config::memcached_servers,
}
class { '::nova':
default_transport_url => $transport_url,
default_transport_url => $default_transport_url,
notification_transport_url => $notification_transport_url,
database_connection => 'mysql+pymysql://nova:nova@127.0.0.1/nova?charset=utf8',
api_database_connection => 'mysql+pymysql://nova_api:nova@127.0.0.1/nova_api?charset=utf8',
placement_database_connection => 'mysql+pymysql://nova_placement:nova@127.0.0.1/nova_placement?charset=utf8',
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
use_ipv6 => $::openstack_integration::config::ipv6,
glance_api_servers => "${::openstack_integration::config::base_url}:9292",
debug => true,

60
manifests/qdr.pp Normal file
View File

@ -0,0 +1,60 @@
class openstack_integration::qdr {
include ::openstack_integration::params
include ::openstack_integration::config
if $::osfamily == 'Debian' {
include ::apt
Class['apt::update'] -> Package<| provider == 'apt' |>
apt::ppa { 'ppa:qpid/released' : }
package { 'pyngus':
ensure => present,
provider => 'pip'
}
}
$extra_addresses = [{'prefix' => 'openstack.org/om/rpc/multicast',
'distribution' => 'multicast'},
{'prefix' => 'openstack.org/om/rpc/unicast',
'distribution' => 'closest'},
{'prefix' => 'openstack.org/om/rpc/anycast',
'distribution' => 'balanced'},
{'prefix' => 'openstack.org/om/notify/multicast',
'distribution' => 'multicast'},
{'prefix' => 'openstack.org/om/notify/unicast',
'distribution' => 'closest'},
{'prefix' => 'openstack.org/om/notify/anycast',
'distribution' => 'balanced'}]
if $::openstack_integration::config::ssl {
file { '/etc/qpid-dispatch/ssl/private':
ensure => directory,
owner => 'root',
mode => '0755',
selinux_ignore_defaults => true,
before => File["/etc/qpid-dispatch/ssl/private/${::fqdn}.pem"],
}
openstack_integration::ssl_key { 'qdrouterd':
key_path => "/etc/qpid-dispatch/ssl/private/${::fqdn}.pem",
require => File['/etc/qpid-dispatch/ssl/private'],
notify => Service['qdrouterd'],
}
class { '::qdr':
listener_require_ssl => 'yes',
listener_ssl_cert_db => $::openstack_integration::params::ca_bundle_cert_path,
listener_ssl_cert_file => $::openstack_integration::params::cert_path,
listener_ssl_key_file => "/etc/qpid-dispatch/ssl/private/${::fqdn}.pem",
listener_addr => $::openstack_integration::config::host,
listener_port => $::openstack_integration::config::messaging_default_port,
listener_sasl_mech => 'PLAIN',
listener_auth_peer => 'yes',
extra_addresses => $extra_addresses,
}
} else {
class { '::qdr':
listener_addr => $::openstack_integration::config::host,
listener_port => $::openstack_integration::config::messaging_default_port,
listener_sasl_mech => 'PLAIN',
listener_auth_peer => 'yes',
extra_addresses => $extra_addresses,
}
}
}

13
manifests/sahara.pp
View File

@ -17,6 +17,14 @@ class openstack_integration::sahara {
require => Class['::rabbitmq'],
}
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'sahara':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
class { '::sahara::db::mysql':
password => 'sahara',
}
@ -32,13 +40,14 @@ class openstack_integration::sahara {
host => $::openstack_integration::config::host,
database_connection => 'mysql+pymysql://sahara:sahara@127.0.0.1/sahara?charset=utf8',
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'sahara',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
debug => true,
}
class { '::sahara::keystone::authtoken':

28
manifests/trove.pp
View File

@ -17,6 +17,14 @@ class openstack_integration::trove {
require => Class['::rabbitmq'],
}
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'trove':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'trove':
require => Package['trove'],
@ -31,16 +39,24 @@ class openstack_integration::trove {
}
class { '::trove':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'trove',
'password' => 'an_even_bigger_secret',
}),
database_connection => 'mysql+pymysql://trove:trove@127.0.0.1/trove?charset=utf8',
rabbit_use_ssl => $::openstack_integration::config::ssl,
nova_proxy_admin_pass => 'a_big_secret',
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'trove',
'password' => 'an_even_bigger_secret',
}),
database_connection => 'mysql+pymysql://trove:trove@127.0.0.1/trove?charset=utf8',
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
nova_proxy_admin_pass => 'a_big_secret',
}
class { '::trove::db::mysql':
password => 'trove',

31
manifests/vitrage.pp
View File

@ -17,6 +17,14 @@ class openstack_integration::vitrage {
require => Class['::rabbitmq'],
}
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'vitrage':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'vitrage':
notify => Service['httpd'],
@ -27,17 +35,26 @@ class openstack_integration::vitrage {
class { '::vitrage':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
# TODO(ansmith): separate transports when bug/1711716 closed
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'vitrage',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
debug => true,
snapshots_interval => 120,
types => 'nova.host,nova.instance,nova.zone,cinder.volume,neutron.port,neutron.network,doctor'
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'vitrage',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
debug => true,
snapshots_interval => 120,
types => 'nova.host,nova.instance,nova.zone,cinder.volume,neutron.port,neutron.network,doctor'
}
# Make sure tempest can read the configuration files

24
manifests/watcher.pp
View File

@ -17,6 +17,14 @@ class openstack_integration::watcher {
require => Class['rabbitmq'],
}
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'watcher':
password => 'my_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'watcher':
require => Package['watcher'],
@ -48,14 +56,22 @@ class openstack_integration::watcher {
debug => true,
}
class { '::watcher':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'watcher',
'password' => 'my_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'watcher',
'password' => 'my_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
}
class { '::watcher::api':
watcher_api_bind_host => $::openstack_integration::config::host,