Retire Tripleo: remove repo content

TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145

This commit removes the content of this project repo.

Change-Id: I73df79a8698625815ea4e3099904da448a49887e
Ghanshyam Mann 2024-02-24 11:32:37 -08:00
parent 019ec49518
commit e06f50cb06
680 changed files with 10 additions and 42085 deletions

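--- a/.gitignore
+++ b/.gitignore
@@ -1,27 +0,0 @@
-# Add patterns in here to exclude files created by tools integrated with this
-# repository, such as test frameworks from the project's recommended workflow,
-# rendered documentation and package builds.
-#
-# Don't add patterns to exclude files created by preferred personal tools
-# (editors, IDEs, your operating system itself even). These should instead be
-# maintained outside the repository, for example in a ~/.gitignore file added
-# with:
-#
-# git config --global core.excludesfile '~/.gitignore'
-pkg/
-Gemfile.lock
-vendor/
-spec/fixtures/modules
-spec/fixtures/manifests
-.vagrant/
-.bundle/
-.bundle*/
-coverage/
-.idea/
-*.iml
-openstack/
-# Files created from releasenotes build
-releasenotes/build
-.tox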


@ -1,3 +0,0 @@
---
spec/spec_helper.rb:
unmanaged: true

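--- a/Gemfile
+++ b/Gemfile
@@ -1,36 +0,0 @@
-source ENV['GEM_SOURCE'] || "https://rubygems.org"
-group :development, :test, :system_tests do
-spec_helper_dir = '/home/zuul/src/opendev.org/openstack/puppet-openstack_spec_helper'
-if File.directory?(spec_helper_dir)
-if ENV['ZUUL_PROJECT'] == 'openstack/puppet-openstack_spec_helper'
-gem 'puppet-openstack_spec_helper',
-:path => '../..',
-:require => 'false'
-else
-gem 'puppet-openstack_spec_helper',
-:path => spec_helper_dir,
-:require => 'false'
-end
-else
-spec_helper_version = ENV['ZUUL_BRANCH'] || "master"
-gem 'puppet-openstack_spec_helper',
-:git => 'https://opendev.org/openstack/puppet-openstack_spec_helper',
-:ref => spec_helper_version,
-:require => 'false'
-end
-end
-if facterversion = ENV['FACTER_GEM_VERSION']
-gem 'facter', facterversion, :require => false
-else
-gem 'facter', :require => false
-end
-if puppetversion = ENV['PUPPET_GEM_VERSION']
-gem 'puppet', puppetversion, :require => false
-else
-gem 'puppet', :require => false
-end
-# vim:ft=ruby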

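--- a/LICENSE
+++ b/LICENSE
@@ -1,176 +0,0 @@
-Apache License
-Version 2.0, January 2004
-http://www.apache.org/licenses/
-TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-1. Definitions.
-"License" shall mean the terms and conditions for use, reproduction,
-and distribution as defined by Sections 1 through 9 of this document.
-"Licensor" shall mean the copyright owner or entity authorized by
-the copyright owner that is granting the License.
-"Legal Entity" shall mean the union of the acting entity and all
-other entities that control, are controlled by, or are under common
-control with that entity. For the purposes of this definition,
-"control" means (i) the power, direct or indirect, to cause the
-direction or management of such entity, whether by contract or
-otherwise, or (ii) ownership of fifty percent (50%) or more of the
-outstanding shares, or (iii) beneficial ownership of such entity.
-"You" (or "Your") shall mean an individual or Legal Entity
-exercising permissions granted by this License.
-"Source" form shall mean the preferred form for making modifications,
-including but not limited to software source code, documentation
-source, and configuration files.
-"Object" form shall mean any form resulting from mechanical
-transformation or translation of a Source form, including but
-not limited to compiled object code, generated documentation,
-and conversions to other media types.
-"Work" shall mean the work of authorship, whether in Source or
-Object form, made available under the License, as indicated by a
-copyright notice that is included in or attached to the work
-(an example is provided in the Appendix below).
-"Derivative Works" shall mean any work, whether in Source or Object
-form, that is based on (or derived from) the Work and for which the
-editorial revisions, annotations, elaborations, or other modifications
-represent, as a whole, an original work of authorship. For the purposes
-of this License, Derivative Works shall not include works that remain
-separable from, or merely link (or bind by name) to the interfaces of,
-the Work and Derivative Works thereof.
-"Contribution" shall mean any work of authorship, including
-the original version of the Work and any modifications or additions
-to that Work or Derivative Works thereof, that is intentionally
-submitted to Licensor for inclusion in the Work by the copyright owner
-or by an individual or Legal Entity authorized to submit on behalf of
-the copyright owner. For the purposes of this definition, "submitted"
-means any form of electronic, verbal, or written communication sent
-to the Licensor or its representatives, including but not limited to
-communication on electronic mailing lists, source code control systems,
-and issue tracking systems that are managed by, or on behalf of, the
-Licensor for the purpose of discussing and improving the Work, but
-excluding communication that is conspicuously marked or otherwise
-designated in writing by the copyright owner as "Not a Contribution."
-"Contributor" shall mean Licensor and any individual or Legal Entity
-on behalf of whom a Contribution has been received by Licensor and
-subsequently incorporated within the Work.
-2. Grant of Copyright License. Subject to the terms and conditions of
-this License, each Contributor hereby grants to You a perpetual,
-worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-copyright license to reproduce, prepare Derivative Works of,
-publicly display, publicly perform, sublicense, and distribute the
-Work and such Derivative Works in Source or Object form.
-3. Grant of Patent License. Subject to the terms and conditions of
-this License, each Contributor hereby grants to You a perpetual,
-worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-(except as stated in this section) patent license to make, have made,
-use, offer to sell, sell, import, and otherwise transfer the Work,
-where such license applies only to those patent claims licensable
-by such Contributor that are necessarily infringed by their
-Contribution(s) alone or by combination of their Contribution(s)
-with the Work to which such Contribution(s) was submitted. If You
-institute patent litigation against any entity (including a
-cross-claim or counterclaim in a lawsuit) alleging that the Work
-or a Contribution incorporated within the Work constitutes direct
-or contributory patent infringement, then any patent licenses
-granted to You under this License for that Work shall terminate
-as of the date such litigation is filed.
-4. Redistribution. You may reproduce and distribute copies of the
-Work or Derivative Works thereof in any medium, with or without
-modifications, and in Source or Object form, provided that You
-meet the following conditions:
-(a) You must give any other recipients of the Work or
-Derivative Works a copy of this License; and
-(b) You must cause any modified files to carry prominent notices
-stating that You changed the files; and
-(c) You must retain, in the Source form of any Derivative Works
-that You distribute, all copyright, patent, trademark, and
-attribution notices from the Source form of the Work,
-excluding those notices that do not pertain to any part of
-the Derivative Works; and
-(d) If the Work includes a "NOTICE" text file as part of its
-distribution, then any Derivative Works that You distribute must
-include a readable copy of the attribution notices contained
-within such NOTICE file, excluding those notices that do not
-pertain to any part of the Derivative Works, in at least one
-of the following places: within a NOTICE text file distributed
-as part of the Derivative Works; within the Source form or
-documentation, if provided along with the Derivative Works; or,
-within a display generated by the Derivative Works, if and
-wherever such third-party notices normally appear. The contents
-of the NOTICE file are for informational purposes only and
-do not modify the License. You may add Your own attribution
-notices within Derivative Works that You distribute, alongside
-or as an addendum to the NOTICE text from the Work, provided
-that such additional attribution notices cannot be construed
-as modifying the License.
-You may add Your own copyright statement to Your modifications and
-may provide additional or different license terms and conditions
-for use, reproduction, or distribution of Your modifications, or
-for any such Derivative Works as a whole, provided Your use,
-reproduction, and distribution of the Work otherwise complies with
-the conditions stated in this License.
-5. Submission of Contributions. Unless You explicitly state otherwise,
-any Contribution intentionally submitted for inclusion in the Work
-by You to the Licensor shall be under the terms and conditions of
-this License, without any additional terms or conditions.
-Notwithstanding the above, nothing herein shall supersede or modify
-the terms of any separate license agreement you may have executed
-with Licensor regarding such Contributions.
-6. Trademarks. This License does not grant permission to use the trade
-names, trademarks, service marks, or product names of the Licensor,
-except as required for reasonable and customary use in describing the
-origin of the Work and reproducing the content of the NOTICE file.
-7. Disclaimer of Warranty. Unless required by applicable law or
-agreed to in writing, Licensor provides the Work (and each
-Contributor provides its Contributions) on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-implied, including, without limitation, any warranties or conditions
-of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-PARTICULAR PURPOSE. You are solely responsible for determining the
-appropriateness of using or redistributing the Work and assume any
-risks associated with Your exercise of permissions under this License.
-8. Limitation of Liability. In no event and under no legal theory,
-whether in tort (including negligence), contract, or otherwise,
-unless required by applicable law (such as deliberate and grossly
-negligent acts) or agreed to in writing, shall any Contributor be
-liable to You for damages, including any direct, indirect, special,
-incidental, or consequential damages of any character arising as a
-result of this License or out of the use or inability to use the
-Work (including but not limited to damages for loss of goodwill,
-work stoppage, computer failure or malfunction, or any and all
-other commercial damages or losses), even if such Contributor
-has been advised of the possibility of such damages.
-9. Accepting Warranty or Additional Liability. While redistributing
-the Work or Derivative Works thereof, You may choose to offer,
-and charge a fee for, acceptance of support, warranty, indemnity,
-or other liability obligations and/or rights consistent with this
-License. However, in accepting such obligations, You may act only
-on Your own behalf and on Your sole responsibility, not on behalf
-of any other Contributor, and only if You agree to indemnify,
-defend, and hold each Contributor harmless for any liability
-incurred by, or claims asserted against, such Contributor by reason
-of your accepting any such warranty or additional liability.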


@ -1,34 +0,0 @@
## TripleO Puppet modules
mod 'haproxy',
:git => 'https://github.com/puppetlabs/puppetlabs-haproxy',
:ref => 'main'
mod 'etcd',
:git => 'https://github.com/puppet-etcd/puppet-etcd',
:ref => 'master'
mod 'systemd',
:git => 'https://github.com/camptocamp/puppet-systemd',
:ref => 'master'
mod 'rsyslog',
:git => 'https://github.com/voxpupuli/puppet-rsyslog',
:ref => 'master'
mod 'ssh',
:git => 'https://github.com/saz/puppet-ssh',
:ref => 'v3.0.1'
mod 'snmp',
:git => 'https://github.com/razorsedge/puppet-snmp',
:ref => 'master'
mod 'pacemaker',
:git => 'https://github.com/openstack/puppet-pacemaker',
:ref => 'master'
mod 'collectd',
:git => 'https://github.com/voxpupuli/puppet-collectd',
:ref => '20494e44a90073273a18fce71f4a602d5b5d0690'


@ -1,20 +0,0 @@
Team and repository tags
========================
[![Team and repository tags](https://governance.openstack.org/tc/badges/puppet-tripleo.svg)](https://governance.openstack.org/tc/reference/tags/index.html)
<!-- Change things from this point on -->
# puppet-tripleo
Lightweight composition layer for Puppet TripleO.
## Contributing
* Free software: Apache License (2.0)
* Source: http://git.openstack.org/cgit/openstack/puppet-tripleo
* Bugs: http://bugs.launchpad.net/tripleo (tag: puppet)
* Documentation:
* TripleO: https://docs.openstack.org/tripleo-docs/latest/
* Testing with puppet: https://docs.openstack.org/puppet-openstack-guide/latest/contributor/testing.html
* Release Notes: https://docs.openstack.org/releasenotes/puppet-tripleo

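--- a/README.rst
+++ b/README.rst
@@ -0,0 +1,10 @@
+This project is no longer maintained.
+The contents of this repository are still available in the Git
+source code management system. To see the contents of this
+repository before it reached its end of life, please check out the
+previous commit with "git checkout HEAD^1".
+For any further questions, please email
+openstack-discuss@lists.openstack.org or join #openstack-dev on
+OFTC.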


@ -1,7 +0,0 @@
require 'puppet-openstack_spec_helper/rake_tasks'
# We disable the unquoted node name check because puppet-pacemaker node
# properties make use of attributes called 'node' and puppet-lint breaks on
# them: https://github.com/rodjek/puppet-lint/issues/501
# We are not using site.pp with nodes so this is safe.
PuppetLint.configuration.send('disable_unquoted_node_name')


@ -1,12 +0,0 @@
# This is a cross-platform list tracking distribution packages needed by tests;
# see http://docs.openstack.org/infra/bindep/ for additional information.
libxml2-devel [test platform:rpm]
libxml2-dev [test platform:dpkg]
libxslt-devel [test platform:rpm]
libxslt1-dev [test platform:dpkg]
ruby-devel [test platform:rpm]
ruby-dev [test platform:dpkg]
zlib1g-dev [test platform:dpkg]
zlib-devel [test platform:rpm]
puppet [build]


@ -1,6 +0,0 @@
# This is required for the docs build jobs
sphinx>=2.0.0,!=2.1.0 # BSD
openstackdocstheme>=2.2.1 # Apache-2.0
# This is required for the releasenotes build jobs
reno>=3.1.0 # Apache-2.0


@ -1,42 +0,0 @@
#!/usr/bin/env python3
import hashlib
import base64
import sys
from nacl.bindings.crypto_scalarmult import \
crypto_scalarmult_ed25519_base_noclamp
# https://github.com/MariaDB/server/blob/10.4/plugin/auth_ed25519/ref10/sign.c
# mariadb's use of ed25519:
# . password is the secret seed
# . ed25519's public key (computed from password) is what is stored in mariadb
# . the hash in mariadb is the base64 encoding of the pk minus the last '='
def _scalar_clamp(s32):
ba = bytearray(s32)
ba0 = bytes(bytearray([ba[0] & 248]))
ba31 = bytes(bytearray([(ba[31] & 127) | 64]))
return ba0 + bytes(s32[1:31]) + ba31
def mysql_ed25519_password(pwd):
# h = SHA512(password)
h = hashlib.sha512(pwd).digest()
# s = prune(first_half(h))
s = _scalar_clamp(h[:32])
# A = encoded point [s]B
A = crypto_scalarmult_ed25519_base_noclamp(s)
# encoded pk
encoded = base64.b64encode(A)[:-1]
return encoded
if __name__ == "__main__":
if len(sys.argv) <= 1:
print("Usage: %s PASSWORD" % sys.argv[0], file=sys.stderr)
sys.exit(1)
else:
pwd = sys.argv[1].encode()
res = mysql_ed25519_password(pwd)
print(res.decode(), end='')


@ -1,34 +0,0 @@
# Copyright 2016 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
[
'external',
'internal_api',
'storage',
'storage_mgmt',
'tenant',
'management',
'ctlplane',
].each do |network|
Facter.add('fqdn_' + network) do
setcode do
hostname_parts = [
Facter.value(:hostname),
network.gsub('_', ''),
Facter.value(:domain),
].reject { |part| part.nil? || part.empty? }
hostname_parts.join(".")
end
end
end


@ -1,49 +0,0 @@
require 'ipaddr'
def netmask6(value)
if value
ip = IPAddr.new('::0').mask(value)
ip.inspect.split('/')[1].gsub('>', '')
end
end
if Facter.value('facterversion')[0].to_i < 3
Facter::Util::IP::REGEX_MAP[:linux][:ipaddress6] =
/inet6 (?:addr: )?((?!(?:fe80|::1))(?>[0-9,a-f,A-F]*\:{1,2})+[0-9,a-f,A-F]{0,4})/
Facter::Util::IP.get_interfaces.each do |interface|
Facter.add('netmask6_' + Facter::Util::IP.alphafy(interface)) do
setcode do
tmp = []
regex = %r{inet6\s+.*\s+(?:prefixlen)\s+(\d+)}x
output_int = Facter::Util::IP.get_output_for_interface_and_label(interface, 'netmask6')
output_int.each_line do |line|
prefixlen = nil
matches = line.match(regex)
prefixlen = matches[1] if matches
if prefixlen
value = netmask6(prefixlen)
tmp.push(value)
end
end
tmp.shift if tmp
end
end
end
Facter.add('netmask6') do
setcode do
prefixlen = nil
regex = %r{#{Facter.value(:ipaddress6)}.*?(?:prefixlen)\s*(\d+)}x
String(Facter::Util::IP.exec_ifconfig(['2>/dev/null'])).split(/\n/).collect do |line|
matches = line.match(regex)
prefixlen = matches[1] if matches
end
netmask6(prefixlen) if prefixlen
end
end
end


@ -1,27 +0,0 @@
# Copyright 2018 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
Facter.add('nic_alias') do
setcode do
os_net_config = '/usr/bin/os-net-config'
mapping_report = ''
if File.exist?(os_net_config)
mapping_report =
Facter::Core::Execution.execute("#{os_net_config} -i")
mapping_report.delete("{}' ")
end
mapping_report
end
end


@ -1,27 +0,0 @@
# Copyright 2016 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
Facter.add('stonith_levels') do
setcode do
# If crm_node is present, return true. Otherwise, return false.
if Facter::Core::Execution.which('crm_node')
hostname = Facter::Core::Execution.execute("crm_node -n 2> /dev/null", {})
stonith_levels = Facter::Core::Execution.execute("pcs stonith level 2>&1 | sed -n \"/^Target: #{hostname}$/,/^Target:/{/^Target: #{hostname}$/b;/^Target:/b;p}\" |tail -1 | awk '{print $2}' 2> /dev/null", {}).to_i
stonith_levels
end
end
end


@ -1,44 +0,0 @@
# This custom function converts an array of docker volumes to the storage_maps
# hash required by the pacemaker::resource::bundle resource. A prefix is added
# to each entry in the storage map to ensure the Puppet resources are unique.
#
# Given:
# docker_volumes = ["/src/vol1:/tgt/vol1", "/src/vol2:/tgt/vol2:ro"]
# prefix = "my-prefix"
# Returns:
# storage_maps = {
# "my-prefix-src-vol1" => {
# "source-dir" => "/src/vol1",
# "target-dir" => "/tgt/vol1",
# "options" => "rw",
# },
# "my-prefix-src-vol2" => {
# "source-dir" => "/src/vol2",
# "target-dir" => "/tgt/vol2",
# "options" => "ro",
# }
# }
Puppet::Functions.create_function(:'docker_volumes_to_storage_maps') do
dispatch :docker_volumes_to_storage_maps do
param 'Array', :docker_volumes
param 'String', :prefix
return_type 'Hash'
end
def docker_volumes_to_storage_maps(docker_volumes, prefix)
storage_maps = Hash.new
docker_volumes.each do |docker_vol|
source, target, options = docker_vol.split(":")
unless options
options = "rw"
end
storage_maps[prefix + source.gsub("/", "-")] = {
"source-dir" => source,
"target-dir" => target,
"options" => options,
}
end
return storage_maps
end
end


@ -1,32 +0,0 @@
require 'ipaddr'
# Custom function to convert an IP4/6 address from a string to the
# erlang inet kernel format.
# For example from "172.17.0.16" to {172,17,0,16}
# See http://erlang.org/doc/man/kernel_app.html and http://erlang.org/doc/man/inet.html
# for more information.
Puppet::Functions.create_function(:ip_to_erl_format) do
dispatch :ip_to_erl_format do
param 'String', :ip_addr
end
def ip_to_erl_format(ip_addr)
ip = IPAddr.new(ip_addr)
output = '{'
if ip.ipv6?
split_char = ':'
base = 16
else
split_char = '.'
base = 10
end
# to_string() prints the canonicalized form
ip.to_string().split(split_char).each {
|x| output += x.to_i(base).to_s + ','
}
# Remove the last spurious comma
output = output.chomp(',')
output += '}'
return output
end
end


@ -1,31 +0,0 @@
# This function is an hack because we are not enabling Puppet parser
# that would allow us to manipulate data iterations directly in manifests.
#
# Example:
# keystone_vips = ['192.168.0.1:5000', '192.168.0.2:5000']
# $keystone_bind_opts = ['transparent']
#
# Using this function:
# $keystone_vips_hash = list_to_hash($keystone_vips, $keystone_bind_opts)
#
# Would return:
# $keystone_vips_hash = {
# '192.168.0.1:5000' => ['transparent'],
# '192.168.0.2:5000' => ['transparent'],
# }
#
# Disclaimer: this function is an hack and will disappear once TripleO enable
# Puppet parser.
#
Puppet::Functions.create_function(:list_to_hash) do
dispatch :list_to_hash do
param 'Array', :arr1
param 'Array', :arr2
end
def list_to_hash(arr1, arr2)
hh = arr1.each_with_object({}) { |v,h| h[v] = arr2 }
return hh
end
end


@ -1,30 +0,0 @@
# This function merges two hashes and concatenate the values of
# identical keys
#
# Example:
# $frontend = { 'option' => [ 'tcpka', 'tcplog' ],
# 'timeout client' => '90m' }
# $backend = { 'option' => [ 'httpchk' ],
# 'timeout server' => '90m' }
#
# Using this function:
# $merge = merge_hash_values($frontend, $backend)
#
# Would return:
# $merge = { 'option' => [ 'tcpka', 'tcplog', 'httpchk' ],
# 'timeout client' => '90m',
# 'timeout server' => '90m' }
#
Puppet::Functions.create_function(:'merge_hash_values') do
dispatch :merge_hash_values do
param 'Hash', :hash1
param 'Hash', :hash2
return_type 'Hash'
end
def merge_hash_values(hash1, hash2)
hh = hash1.merge(hash2) {|k, v1, v2| (v2 + v1).uniq()}
return hh
end
end


@ -1,21 +0,0 @@
# Custom function to generate password hash for MariaDB's auth_ed25519
# Input is a regular mariadb user password
# Output is the hashed password as expected by auth_ed25519
Puppet::Functions.create_function(:'mysql_ed25519_password') do
dispatch :mysql_ed25519_password do
param 'String', :password
return_type 'String'
end
def mysql_ed25519_password(password)
# mysql's auth_ed25519 consists in generating a ed25519 public key
# out of the sha512(password). Unfortunately, there is no native
# ruby implementation of ed25519's unclamped scalar multiplication
# just yet, so rely on an binary to get the hash for now.
python = `(which python3 || which python2 || which python) 2>/dev/null`
raise Puppet::Error, 'python interpreter not found in path' unless $?.success?
hashed = `#{python.rstrip()} /etc/puppet/modules/tripleo/files/mysql_ed25519_password.py #{password}`
raise Puppet::Error, 'generated hash is not 43 bytes long.' unless hashed.length == 43
return hashed
end
end


@ -1,93 +0,0 @@
# Copyright 2017 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Author: Dan Prince <dprince@redhat.com>
#
# A function to create noop providers (set as the default) for the named
# resource. This works alongside of 'puppet apply --tags' to disable
# some custom resource types that still attempt to run commands during
# prefetch, etc.
class Puppet::Provider::Noop < Puppet::Provider
# generic resource interfaces
def create
true
end
def destroy
true
end
def exists?
false
end
# package resource
def install
true
end
def uninstall
true
end
def latest
true
end
def update
true
end
def purge
true
end
def self.instances
[]
end
# service resource
def status
0
end
def start
true
end
def stop
true
end
# some puppet-keystone resources require this
def self.resource_to_name(domain, name, check_for_default = true)
return name
end
end
Puppet::Functions.create_function(:noop_resource) do
dispatch :noop_resource do
param 'String', :res
end
def noop_resource(res)
Puppet::Type.type(res.downcase.to_sym).provide(:noop, :parent => Puppet::Provider::Noop) do
defaultfor :osfamily => :redhat
end
return true
end
end


@ -1,24 +0,0 @@
# Custom function to extract the current number of replicas for a pacemaker
# resource, as defined in the pacemaker cluster.
# Input is the name of a pacemaker bundle resource
# Output is the number of replicas for that resource or 0 if not found
Puppet::Functions.create_function(:'pacemaker_bundle_replicas') do
dispatch :pacemaker_bundle_replicas do
param 'String', :bundle
return_type 'Integer'
end
def pacemaker_bundle_replicas(bundle)
# the name of the node holding the replicas attribute varies based on the
# container engine used (podman, docker...), so match via attributes instead
replicas = `cibadmin -Q | xmllint --xpath "string(//bundle[@id='#{bundle}']/*[boolean(@image) and boolean(@run-command)]/@replicas)" -`
# strip line break
replicas.strip!
# post-condition: 0 in case the bundle does not exist or an error occurred
if $?.success? && !replicas.empty?
return Integer(replicas)
else
return 0
end
end
end


@ -1,39 +0,0 @@
# This adds to ssl profile hash a proper value of "caCertFile" key for "caCertFileContent" key.
#
# Given:
# ssl_profiles = [{"name": "test", "caCertFileContent": "cert content", ...}, ...]
# cert_dir = "/etc/pki/tls/certs/"
# Returns:
# ssl_profiles = [
# {"name": "test",
# "caCertFileContent": "cert content",
# "caCertFile": "/etc/pki/tls/certs/CA_test.pem",
# ... },
# ...
# ]
Puppet::Functions.create_function(:qdr_ssl_certificate) do
dispatch :qdr_ssl_certificate do
param 'Array', :ssl_profiles
param 'String', :cert_dir
return_type 'Array'
end
def qdr_ssl_certificate(ssl_profiles, cert_dir)
processed_profiles = Array.new
ssl_profiles.each do |profile|
if profile.key?("caCertFileContent")
processed = profile.clone
# create certificate path
path = File.join(cert_dir, "CA_#{processed["name"]}.pem")
# update profile
processed["caCertFile"] = path
processed_profiles.append(processed)
else
processed_profiles.append(profile)
end
end
return processed_profiles
end
end


@ -1,27 +0,0 @@
# Build Swift devices list from the parts, e.g. for:
# raw_disk_prefix = 'r1z1-'
# swift_storage_node_ips = ['192.168.1.12', '192.168.1.13']
# raw_disks = [':%PORT%/device1', ':%PORT%/device2']
#
# devices will be ['r1z1-192.168.1.12:%PORT%/device1',
# 'r1z1-192.168.1.12:%PORT%/device2'
# 'r1z1-192.168.1.13:%PORT%/device1'
# 'r1z1-192.168.1.13:%PORT%/device2']
Puppet::Functions.create_function(:tripleo_swift_devices) do
dispatch :tripleo_swift_devices do
param 'String', :raw_disk_prefix
param 'Array', :swift_node_ips
param 'Array', :raw_disks
end
def tripleo_swift_devices(raw_disk_prefix, swift_node_ips, raw_disks)
devices = []
for ip in swift_node_ips do
for disk in raw_disks do
devices << "#{raw_disk_prefix}#{ip}#{disk}"
end
end
return devices
end
end


@ -1,85 +0,0 @@
require 'ipaddr'
# Custom function to lookup the interface which matches the subnet
# of the provided IP address.
# The function iterates over all the interfaces and chooses the
# first locally assigned interface which matches the IP.
module Puppet::Parser::Functions
newfunction(:interface_for_ip, :type => :rvalue, :doc => "Find the bind IP address for the provided subnet.") do |arg|
if arg[0].class == String
begin
ip1 = IPAddr.new(arg[0])
network_facts = lookupvar('networking')
Dir.foreach('/sys/class/net/') do |interface|
next if interface == '.' || interface == '..'
# puppet downcases fact names, interface names can have capitals but
# in facter 2.x they were lower case. In facter 3.x they can have
# capitals
iface_no_dash = interface.gsub('-', '_').downcase
if ip1.ipv4?
ipaddress_name = "ipaddress_#{iface_no_dash}"
netmask_name = "netmask_#{iface_no_dash}"
facter_ip = 'ip'
facter_netmask = 'netmask'
else
ipaddress_name = "ipaddress6_#{iface_no_dash}"
netmask_name = "netmask6_#{iface_no_dash}"
facter_ip = 'ip6'
facter_netmask = 'netmask6'
end
if network_facts.nil? or network_facts['interfaces'].nil? then
# facter 2 facts
interface_ip = lookupvar(ipaddress_name)
next if interface_ip.nil?
ip2 = IPAddr.new(interface_ip)
netmask = lookupvar(netmask_name)
return interface if ip1.mask(netmask) == ip2.mask(netmask)
else
# facter 3+ syntax:
# networking => {
# ...
# interfaces => {
# br-ctlplane => {
# bindings => [
# {
# address => "192.168.24.1",
# netmask => "255.255.255.0",
# network => "192.168.24.0"
# }
# ],
# bindings6 => [
# {
# address => "fe80::5054:ff:fe22:bac3",
# netmask => "ffff:ffff:ffff:ffff::",
# network => "fe80::"
# }
# ],
# ip => "192.168.24.1",
# ip6 => "fe80::5054:ff:fe22:bac3",
# mac => "52:54:00:22:ba:c3",
# mtu => 1500,
# netmask => "255.255.255.0",
# netmask6 => "ffff:ffff:ffff:ffff::",
# network => "192.168.24.0",
# network6 => "fe80::"
# },
# },
# ...
# }
next if network_facts['interfaces'][interface].nil? or network_facts['interfaces'][interface][facter_ip].nil?
ip2 = IPAddr.new(network_facts['interfaces'][interface][facter_ip])
netmask = network_facts['interfaces'][interface][facter_netmask]
return interface if ip1.mask(netmask) == ip2.mask(netmask)
end
end
rescue IPAddr::InvalidAddressError => e
raise Puppet::ParseError, "#{e}: #{arg[0]}"
end
else
raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String"
end
return ''
end
end


@ -1,34 +0,0 @@
module Puppet::Parser::Functions
newfunction(:local_fence_devices, :arity =>2, :type => :rvalue,
:doc => ("Given an array of fence device configs, limit them" +
"to fence devices whose MAC address is present on" +
"some of the local NICs, and prepare a hash which can be" +
"passed to create_resources function")) do |args|
agent = args[0]
devices = args[1]
unless agent.is_a?(String) && agent.length > 0
raise Puppet::ParseError, "local_fence_devices: Argument 'agent' must be a non-empty string. The value given was: #{agent_type}"
end
unless devices.is_a?(Array)
raise Puppet::ParseError, "local_fence_devices: Argument 'devices' must be an array. The value given was: #{devices}"
end
# filter by agent type
agent_type_devices = devices.select { |device| device['agent'] == agent }
# filter by local mac address
local_devices = agent_type_devices.select do |device|
function_has_interface_with(['macaddress', device['host_mac']])
end
# construct a hash for create_resources
return local_devices.each_with_object({}) do |device, hash|
# disallow collisions
if hash[device['host_mac']]
raise Puppet::ParseError, "local_fence_devices: Only single fence device per agent per host is allowed. Collision on #{device['host_mac']} for #{agent}"
end
hash[device['host_mac']] = device['params'] || {}
end
end
end


@ -1,51 +0,0 @@
# Copyright 2015 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
require 'puppet'
require 'puppet/provider/package'
Puppet::Type.type(:package).provide :norpm, :source => :rpm, :parent => :rpm do
desc "RPM packaging provider that does not install anything."
has_feature :virtual_packages
def latest
@resource.fail "'latest' is unsupported by this provider."
end
def install
Puppet.warning("[norpm] Attempting to install #{name} but it will not be installed")
true
end
def uninstall
Puppet.warning("[norpm] Attempting to uninstall #{name} but it will not be removed")
true
end
def update
Puppet.warning("[norpm] Attempting to update #{name} but it will not be updated")
true
end
def purge
Puppet.warning("[norpm] Attempting to purge #{name} but it will not be removed")
true
end
def self.instances
return []
end
end


@ -1,44 +0,0 @@
# == Class: tripleo::config
#
# Configure services with Puppet
#
# === Parameters:
#
# [*configs*]
# (optional) Configuration to inject.
# Should be an hash.
# Default to lookup('param_config', {})
#
# [*providers*]
# (optional) Filter the providers we want
# to use for config.
# Should be an array.
# Default to lookup('param_providers', Array[String], 'deep', [])
#
class tripleo::config(
$configs = lookup('param_config', {}),
$providers = lookup('param_providers', Array[String], 'deep', []),
) {
if ! empty($configs) {
# Allow composable services to load their own configurations.
# Each service can load its config options by using this form:
#
# puppet_config:
# param_config:
# 'aodh_config':
# DEFAULT:
# foo: fooValue
# bar: barValue
$configs.each |$provider, $sections| {
if empty($providers) or ($provider in $providers) {
$sections.each |$section, $params| {
$params.each |$param, $value| {
create_resources($provider, {"${section}/${param}" => {'value' => $value }})
}
}
}
}
}
}


@ -1,222 +0,0 @@
# == Class: tripleo::fencing
#
# Configure Pacemaker fencing devices for TripleO.
#
# === Parameters:
#
# [*config*]
# JSON config of fencing devices, using the following structure:
# {
# "devices": [
# {
# "agent": "AGENT_NAME",
# "host_mac": "HOST_MAC_ADDRESS",
# "params": {"PARAM_NAME": "PARAM_VALUE"}
# }
# ]
# }
# For instance:
# {
# "devices": [
# {
# "agent": "fence_xvm",
# "host_mac": "52:54:00:aa:bb:cc",
# "params": {
# "multicast_address": "225.0.0.12",
# "port": "baremetal_0",
# "manage_fw": true,
# "manage_key_file": true,
# "key_file": "/etc/fence_xvm.key",
# "key_file_password": "abcdef"
# }
# }
# ]
# }
# Defaults to {}
#
# [*tries*]
# Number of attempts when creating fence devices and constraints.
# Defaults to 10
#
# [*try_sleep*]
# Delay (in seconds) between attempts when creating fence devices
# and constraints.
# Defaults to 3
#
# [*deep_compare*]
# Enable deep comparing of resources and bundles
# When set to true a resource will be compared in full (options, meta parameters,..)
# to the existing one and in case of difference it will be repushed to the CIB
# Defaults to false
#
# [*update_settle_secs*]
# When deep_compare is enabled and puppet updates a resource, this
# parameter represents the number (in seconds) to wait for the cluster to settle
# after the resource update.
# Defaults to 600 (seconds)
#
# [*watchdog_timeout*]
# Only valid if sbd watchdog fencing is enabled.
# Pacemaker will assume unseen nodes self-fence within this much time.
# Defaults to 60 (seconds)
#
# [*enable_instanceha*]
# (Optional) Boolean driving the Instance HA controlplane configuration
# Defaults to lookup('tripleo::instanceha', undef, undef, false),
#
class tripleo::fencing(
$config = {},
$tries = 10,
$try_sleep = 3,
$deep_compare = false,
$update_settle_secs = 600,
$watchdog_timeout = 60,
$enable_instanceha = lookup('tripleo::instanceha', undef, undef, false),
) {
$common_params = {
'tries' => $tries,
'try_sleep' => $try_sleep,
'deep_compare' => $deep_compare,
'update_settle_secs' => $update_settle_secs
}
# check if instanceha is enabled
if member(lookup('compute_instanceha_short_node_names', undef, undef, []), downcase($::hostname)) {
$is_compute_instanceha_node = true
} else {
$is_compute_instanceha_node = false
}
$content = $config['devices']
# check if the devices: section in fence.yaml contains levels.
# if it doesn't, assume level=1 and build a hash with the content.
$all_levels = $content ? {
Array => {'level1' => $content},
default => $content
}
# collect the number of stonith levels currently defined for this system
# and convert it to integer.
$local_levels = 0 + $facts['stonith_levels']
# if the number of levels defined on this system is greater than the number in hiera
# we need to delete the delta.
if $local_levels > $all_levels.length {
$begin = $all_levels.length + 1
range("${begin}", "${local_levels}").each |$level|{
pacemaker::stonith::level{ "stonith-${level}":
ensure => 'absent',
level => $level,
target => '$(/usr/sbin/crm_node -n)',
stonith_resources => [''],
tries => $tries,
try_sleep => $try_sleep,
}
}
}
$all_levels.each |$index, $levelx_devices |{
$level = regsubst($index, 'level', '', 'G')
$all_devices = $levelx_devices
$xvm_devices = local_fence_devices('fence_xvm', $all_devices)
create_resources('pacemaker::stonith::fence_xvm', $xvm_devices, $common_params)
$ironic_devices = local_fence_devices('fence_ironic', $all_devices)
create_resources('pacemaker::stonith::fence_ironic', $ironic_devices, $common_params)
$redfish_devices = local_fence_devices('fence_redfish', $all_devices)
create_resources('pacemaker::stonith::fence_redfish', $redfish_devices, $common_params)
$ipmilan_devices = local_fence_devices('fence_ipmilan', $all_devices)
create_resources('pacemaker::stonith::fence_ipmilan', $ipmilan_devices, $common_params)
$kdump_devices = local_fence_devices('fence_kdump', $all_devices)
create_resources('pacemaker::stonith::fence_kdump', $kdump_devices, $common_params)
$kubevirt_devices = local_fence_devices('fence_kubevirt', $all_devices)
create_resources('pacemaker::stonith::fence_kubevirt', $kubevirt_devices, $common_params)
$rhev_devices = local_fence_devices('fence_rhevm', $all_devices)
create_resources('pacemaker::stonith::fence_rhevm', $rhev_devices, $common_params)
$ucs_devices = local_fence_devices('fence_cisco_ucs', $all_devices)
create_resources('pacemaker::stonith::fence_cisco_ucs', $ucs_devices, $common_params)
$data = {
'xvm' => $xvm_devices, 'ironic' => $ironic_devices, 'redfish' => $redfish_devices,
'ipmilan' => $ipmilan_devices, 'kdump' => $kdump_devices, 'kubevirt' => $kubevirt_devices,
'rhevm' => $rhev_devices, 'cisco_ucs' => $ucs_devices
}
# let's store the number of stonith devices created for this server.
# this will be used to detect if there is a least one and fail if
# instance_ha is configured and puppet is running on a compute node.
$data_num = [
length($ironic_devices), length($redfish_devices),
length($ipmilan_devices), length($kdump_devices), length($rhev_devices)
]
$sum = $data_num.reduce |$memo, $value| { $memo + $value }
$data.each |$items| {
$driver = $items[0]
$driver_devices = $items[1]
# if there is no valid stonith device and this is a compute-instanceha node we raise an exception
if $level == '1' and $sum == 0 and $enable_instanceha and $is_compute_instanceha_node {
fail('Instance HA requires at least one valid stonith device')
}
if $driver_devices and length($driver_devices) == 1 {
$mac = keys($driver_devices)[0]
$safe_mac = regsubst($mac, ':', '', 'G')
if ($enable_instanceha and $is_compute_instanceha_node) {
$stonith_resources = [ "stonith-fence_${driver}-${safe_mac}", 'stonith-fence_compute-fence-nova' ]
}
else {
$stonith_resources = [ "stonith-fence_${driver}-${safe_mac}" ]
}
pacemaker::stonith::level{ "stonith-${level}-${safe_mac}":
level => $level,
target => '$(/usr/sbin/crm_node -n)',
stonith_resources => $stonith_resources,
tries => $tries,
try_sleep => $try_sleep,
}
Pcmk_stonith<||> -> Pcmk_stonith_level<||>
}
}
# we use the boostrap_node to create the watchdog resource and the stonith
# topology for all the nodes in the cluster, because the watchdog resource
# is not per-node but cluster-wide
$watchdog_devices = local_fence_devices('fence_watchdog', $all_devices)
if length($watchdog_devices) > 0 {
# check if this is the bootstrap node
if downcase($::hostname) == lookup('pacemaker_short_bootstrap_node_name') {
create_resources('pacemaker::stonith::fence_watchdog', $watchdog_devices, $common_params)
$stonith_resources = [ 'watchdog' ]
# if this is the boostrap node we set watchdog as levelX for all
# the pacemaker nodes
lookup('pacemaker_short_node_names').each |$node| {
pacemaker::stonith::level{ "stonith-${level}-watchdog-${node}":
level => $level,
target => $node,
stonith_resources => [ 'watchdog' ],
tries => $tries,
try_sleep => $try_sleep,
}
}
pacemaker::property { 'stonith-watchdog-timeout':
property => 'stonith-watchdog-timeout',
value => $watchdog_timeout,
tries => $tries,
}
Pcmk_property<||> -> Pcmk_stonith<||> -> Pcmk_stonith_level<||>
}
}
}
}

File diff suppressed because it is too large Load Diff


@ -1,321 +0,0 @@
# Copyright 2014 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# == Class: tripleo::haproxy::endpoint
#
# Configure a HAProxy listen endpoint
#
# [*internal_ip*]
# The IP in which the proxy endpoint will be listening in the internal
# network.
#
# [*service_port*]
# The default port on which the endpoint will be listening.
#
# [*member_options*]
# Options for the balancer member, specified after the server declaration.
# These should go in the member's configuration block.
#
# [*use_backend_syntax*]
# (optional) When set to true, generate a config with frontend and
# backend sections, otherwise use listen sections.
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
#
# [*haproxy_port*]
# An alternative port, on which haproxy will listen for incoming requests.
# Defaults to service_port.
#
# [*base_service_name*]
# In cases where the service name doesn't match the endpoint name, you can
# specify this option in order to get an appropriate value for $ip_addresses
# and $server_names. So, this will be used in hiera to derive these, if set.
# Defaults to undef
#
# [*ip_addresses*]
# The ordered list of IPs to be used to contact the balancer member.
# Defaults to lookup("${name}_node_ips", undef, undef, undef)
#
# [*server_names*]
# The names of the balancer members, which usually should be the hostname.
# Defaults to lookup("${name}_node_names", undef, undef, undef)
#
# [*public_virtual_ip*]
# Address in which the proxy endpoint will be listening in the public network.
# If this service is internal only this should be omitted.
# Defaults to undef.
#
# [*mode*]
# HAProxy mode in which the endpoint will be listening. This can be undef,
# tcp, http or health.
# Defaults to undef.
#
# [*haproxy_listen_bind_param*]
# A list of params to be added to the HAProxy listener bind directive.
# Defaults to undef.
#
# [*listen_options*]
# Options specified for the listening service's configuration block (in
# HAproxy terms, the frontend).
# defaults to {'option' => []}
#
# [*frontend_options*]
# Options specified for the frontend service's configuration block
# defaults to {'option' => []}
#
# [*backend_options*]
# Options specified for the service's backend configuration block
# defaults to {'option' => []}
#
# [*public_ssl_port*]
# The port used for the public proxy endpoint if it differs from the default
# one. This is used only if SSL is enabled, and it's used in order to avoid
# overriding with the internal proxy endpoint (which could happen if they were
# in the same network).
# Defaults to undef.
#
# [*public_certificate*]
# Certificate path used to enable TLS for the public proxy endpoint.
# Defaults to undef.
#
# [*use_internal_certificates*]
# Flag that indicates if we'll use an internal certificate for this specific
# service. When set, enables SSL on the internal API endpoints using the file
# that certmonger is tracking; this is derived from the network the service is
# listening on.
# Defaults to false
#
# [*internal_certificates_specs*]
# A hash that should contain the specs that were used to create the
# certificates. As the name indicates, only the internal certificates will be
# fetched from here. And the keys should follow the following pattern
# "haproxy-<network name>". The network name should be as it was defined in
# tripleo-heat-templates.
# Note that this is only taken into account if the $use_internal_certificates
# flag is set.
# Defaults to {}
#
# [*service_network*]
# (optional) Indicates the network that the service is running on. Used for
# fetching the certificate for that specific network.
# Defaults to undef
#
# [*authorized_userlist*]
# (optional) Userlist that may access the endpoint. Activate Basic Authentication.
# You'll need to create a tripleo::haproxy::userlist in order to use that option.
# Defaults to undef
#
# [*sticky_sessions*]
# (optional) Enable sticky sessions for this frontend using a cookie
#
# [*session_cookie*]
# (optional) Cookie name to use for sticky sessions. This should be different
# for each service using sticky sessions.
#
define tripleo::haproxy::endpoint (
$internal_ip,
$service_port,
$member_options,
$use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false),
$haproxy_port = undef,
$base_service_name = undef,
$ip_addresses = lookup("${name}_node_ips", undef, undef, undef),
$server_names = lookup("${name}_node_names", undef, undef, undef),
$public_virtual_ip = undef,
$mode = undef,
$haproxy_listen_bind_param = undef,
$listen_options = {
'option' => [],
},
$frontend_options = {
'option' => [],
},
$backend_options = {
'option' => [],
},
$public_ssl_port = undef,
$public_certificate = undef,
$use_internal_certificates = false,
$internal_certificates_specs = {},
$service_network = undef,
$authorized_userlist = undef,
$sticky_sessions = false,
$session_cookie = 'STICKYSESSION',
) {
if $haproxy_port {
$haproxy_port_real = $haproxy_port
$service_port_real = $service_port
} else {
$haproxy_port_real = $service_port
$service_port_real = $service_port
}
if $base_service_name {
$ip_addresses_real = lookup("${base_service_name}_node_ips", undef, undef, undef)
} else {
$ip_addresses_real = $ip_addresses
}
if $base_service_name {
$server_names_real = lookup("${base_service_name}_node_names", undef, undef, undef)
} else {
$server_names_real = $server_names
}
# Let users override the options on a per-service basis
$custom_options = lookup("tripleo::haproxy::${name}::options", undef, undef, undef)
$custom_frontend_options = lookup("tripleo::haproxy::${name}::frontend_options", undef, undef, undef)
$custom_backend_options = lookup("tripleo::haproxy::${name}::backend_options", undef, undef, undef)
$custom_bind_options_public = delete(
any2array(lookup("tripleo::haproxy::${name}::public_bind_options", undef, undef, undef)),
undef).flatten()
$custom_bind_options_internal = delete(
any2array(lookup("tripleo::haproxy::${name}::internal_bind_options", undef, undef, undef)),
undef).flatten()
if $public_virtual_ip {
# service exposed to the public network
if $public_certificate {
if $mode == 'http' {
$tls_listen_options = {
'http-response' => 'replace-header Location http://(.*) https://\\1',
'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
}
$listen_options_precookie = merge($tls_listen_options, $listen_options, $custom_options)
$frontend_options_precookie = merge($tls_listen_options, $frontend_options, $custom_frontend_options)
} else {
$listen_options_precookie = merge($listen_options, $custom_options)
$frontend_options_precookie = merge($frontend_options, $custom_frontend_options)
}
$public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"),
union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public))
} else {
$listen_options_precookie = merge($listen_options, $custom_options)
$frontend_options_precookie = merge($frontend_options, $custom_frontend_options)
$public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${haproxy_port_real}"),
union($haproxy_listen_bind_param, $custom_bind_options_public))
}
} else {
# internal service only
$public_bind_opts = {}
$listen_options_precookie = merge($listen_options, $custom_options)
$frontend_options_precookie = merge($frontend_options, $custom_frontend_options)
}
if $sticky_sessions {
$cookie_options = {
'cookie' => "${session_cookie} insert indirect nocache",
}
$listen_options_real = merge($listen_options_precookie, $cookie_options)
$frontend_options_real = merge($frontend_options_precookie, $cookie_options)
} else {
$listen_options_real = $listen_options_precookie
$frontend_options_real = $frontend_options_precookie
}
if $use_internal_certificates {
if !$service_network {
fail("The service_network for this service is undefined. Can't configure TLS for the internal network.")
}
if $service_network == 'external' and $public_certificate {
# NOTE(jaosorior): This service has been configured to use the external
# network. We should use the public certificate in this case.
$internal_cert_path = $public_certificate
} else {
# NOTE(jaosorior): This service is configured for the internal network.
# We use the certificate spec hash. The key of the
# internal_certificates_specs hash must must match the convention
# haproxy-<network name> or else this will fail. Further, it must
# contain the path that we'll use under 'service_pem'.
$internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem']
}
$internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"),
union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path],
$custom_bind_options_internal))
} else {
if $service_network == 'external' and $public_certificate {
$internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"),
union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate],
$custom_bind_options_internal))
} else {
$internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"),
union($haproxy_listen_bind_param, $custom_bind_options_internal))
}
}
if $authorized_userlist {
$access_rules = {
'acl' => "acl Auth${name} http_auth(${authorized_userlist})",
'http-request' => "auth realm ${name} if !Auth${name}",
}
if $use_backend_syntax {
Haproxy::Frontend[$name] {
require => Tripleo::Haproxy::Userlist[$authorized_userlist],
}
} else {
Haproxy::Listen[$name] {
require => Tripleo::Haproxy::Userlist[$authorized_userlist],
}
}
} else {
$access_rules = {}
}
$_real_options = merge($listen_options_real, $access_rules)
$_real_frontend_options = merge($frontend_options_real, $access_rules,
{ 'default_backend' => "${name}_be" })
$bind_opts = merge($internal_bind_opts, $public_bind_opts)
if $use_backend_syntax {
haproxy::frontend { "${name}":
bind => $bind_opts,
collect_exported => false,
mode => $mode,
options => $_real_frontend_options,
}
haproxy::backend { "${name}_be":
mode => $mode,
options => merge($backend_options, $custom_backend_options),
}
$listening_service = "${name}_be"
} else {
haproxy::listen { "${name}":
bind => $bind_opts,
collect_exported => false,
mode => $mode,
options => $_real_options,
}
$listening_service = "${name}"
}
if $sticky_sessions {
hash(zip($ip_addresses_real, $server_names_real)).each | $ip, $server | {
# We need to be sure the IP (IPv6) don't have colons
# which is a reserved character to reference manifests
$non_colon_ip = regsubst($ip, ':', '-', 'G')
haproxy::balancermember { "${name}_${non_colon_ip}_${server}":
listening_service => $listening_service,
ports => "${service_port_real}",
ipaddresses => $ip,
server_names => $server,
options => union($member_options, ["cookie ${server}"]),
}
}
} else {
haproxy::balancermember { "${name}":
listening_service => $listening_service,
ports => "${service_port_real}",
ipaddresses => $ip_addresses_real,
server_names => $server_names_real,
options => $member_options,
}
}
}


@ -1,211 +0,0 @@
# Copyright 2014 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# == Class: tripleo::haproxy::endpoint
#
# Configure a HAProxy listen endpoint
#
# [*internal_ip*]
# The IP in which the proxy endpoint will be listening in the internal
# network.
#
# [*ip_addresses*]
# The ordered list of IPs to be used to contact the balancer member.
#
# [*server_names*]
# The names of the balancer members, which usually should be the hostname.
#
# [*member_options*]
# Options for the balancer member, specified after the server declaration.
# These should go in the member's configuration block.
#
# [*public_virtual_ip*]
# Address in which the proxy endpoint will be listening in the public network.
# If this service is internal only this should be omitted.
# Defaults to undef.
#
# [*use_backend_syntax*]
# (optional) When set to true, generate a config with frontend and
# backend sections, otherwise use listen sections.
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
#
# [*haproxy_listen_bind_param*]
# A list of params to be added to the HAProxy listener bind directive.
# Defaults to undef.
#
# [*public_certificate*]
# Certificate path used to enable TLS for the public proxy endpoint.
# Defaults to undef.
#
# [*use_internal_certificates*]
# Flag that indicates if we'll use an internal certificate for this specific
# service. When set, enables SSL on the internal API endpoints using the file
# that certmonger is tracking; this is derived from the network the service is
# listening on.
# Defaults to false
#
# [*internal_certificates_specs*]
# A hash that should contain the specs that were used to create the
# certificates. As the name indicates, only the internal certificates will be
# fetched from here. And the keys should follow the following pattern
# "haproxy-<network name>". The network name should be as it was defined in
# tripleo-heat-templates.
# Note that this is only taken into account if the $use_internal_certificates
# flag is set.
# Defaults to {}
#
# [*service_network*]
# (optional) Indicates the network that the service is running on. Used for
# fetching the certificate for that specific network.
# Defaults to undef
#
# [*hsts_header_value*]
# (optional) Adds the HTTP Strict Transport Security (HSTS) header to
# response. This takes effect only when public_certificate is set.
# Defaults to undef
#
class tripleo::haproxy::horizon_endpoint (
$internal_ip,
$ip_addresses,
$server_names,
$member_options,
$public_virtual_ip,
$use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false),
$haproxy_listen_bind_param = undef,
$public_certificate = undef,
$use_internal_certificates = false,
$internal_certificates_specs = {},
$service_network = undef,
$hsts_header_value = undef,
) {
# Let users override the options on a per-service basis
$custom_options = lookup('tripleo::haproxy::horizon::options', undef, undef, undef)
$custom_frontend_options = lookup('tripleo::haproxy::horizon::frontend_options', undef, undef, undef)
$custom_backend_options = lookup('tripleo::haproxy::horizon::backend_options', undef, undef, undef)
$custom_bind_options_public = delete(
any2array(lookup('tripleo::haproxy::horizon::public_bind_options', undef, undef, undef)),
undef).flatten()
$custom_bind_options_internal = delete(
any2array(lookup('tripleo::haproxy::horizon::internal_bind_options', undef, undef, undef)),
undef).flatten()
# service exposed to the public network
if $public_certificate {
if $use_internal_certificates {
if !$service_network {
fail("The service_network for this service is undefined. Can't configure TLS for the internal network.")
}
# NOTE(jaosorior): The key of the internal_certificates_specs hash must
# must match the convention haproxy-<network name> or else this
# will fail. Further, it must contain the path that we'll use under
# 'service_pem'.
$internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem']
$internal_bind_opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path])
} else {
# If no internal cert is given, we still configure TLS for the internal
# network, however, we expect that the public certificate has appropriate
# subjectaltnames set.
$internal_bind_opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])
}
# NOTE(jaosorior): If the internal_ip and the public_virtual_ip are the
# same, the first option takes precedence. Which is the case when network
# isolation is not enabled. This is not a problem as both options are
# identical. If network isolation is enabled, this works correctly and
# will add a TLS binding to both the internal_ip and the
# public_virtual_ip.
# Even though for the public_virtual_ip the port 80 is listening, we
# redirect to https in the horizon_options below.
$horizon_bind_opts = {
"${internal_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_internal),
"${internal_ip}:443" => union($internal_bind_opts, $custom_bind_options_internal),
"${public_virtual_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_public),
"${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public),
}
if $hsts_header_value != undef {
$hsts_header_value_real = join(any2array($hsts_header_value), '; ')
$hsts_response = "set-header Strict-Transport-Security \"${hsts_header_value_real};\""
} else {
$hsts_response = undef
}
$horizon_frontend_options = {
'http-response' => delete_undef_values([
'replace-header Location http://(.*) https://\\1',
$hsts_response]),
# NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
'redirect' => 'scheme https code 301 if !{ ssl_fc }',
'option' => [ 'forwardfor' ],
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
}
} else {
$horizon_bind_opts = {
"${internal_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_internal),
"${public_virtual_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_public),
}
$horizon_frontend_options = {
'option' => [ 'forwardfor' ],
}
}
$horizon_backend_options = {
'cookie' => 'SERVERID insert indirect nocache',
'option' => [ 'httpchk' ],
}
$horizon_options = merge_hash_values($horizon_backend_options,
$horizon_frontend_options)
if $use_internal_certificates {
# Use SSL port if TLS in the internal network is enabled.
$backend_port = '443'
} else {
$backend_port = '80'
}
if $use_backend_syntax {
haproxy::frontend { 'horizon':
bind => $horizon_bind_opts,
options => merge($horizon_frontend_options,
{ default_backend => 'horizon_be' },
$custom_frontend_options),
mode => 'http',
collect_exported => false,
}
haproxy::backend { 'horizon_be':
options => merge($horizon_backend_options, $custom_backend_options),
mode => 'http',
}
} else {
haproxy::listen { 'horizon':
bind => $horizon_bind_opts,
options => merge($horizon_options, $custom_options),
mode => 'http',
collect_exported => false,
}
}
hash(zip($ip_addresses, $server_names)).each | $ip, $server | {
# We need to be sure the IP (IPv6) don't have colons
# which is a reserved character to reference manifests
$non_colon_ip = regsubst($ip, ':', '-', 'G')
haproxy::balancermember { "horizon_${non_colon_ip}_${server}":
listening_service => 'horizon_be',
ports => "${backend_port}",
ipaddresses => $ip,
server_names => $server,
options => union($member_options, ["cookie ${server}"]),
}
}
}


@ -1,48 +0,0 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Define: tripleo::haproxy::service_endpoints
#
# Define used to create haproxyendpoints for composable services.
#
# === Parameters:
#
# [*service_name*]
# (optional) The service_name to create the service endpoint(s) for.
# Defaults to $title
#
define tripleo::haproxy::service_endpoints ($service_name = $title) {
$underscore_name = regsubst($service_name, '-', '_', 'G')
# This allows each composable service to load its own custom rules by
# creating its own flat hiera key named:
# tripleo.<service name with underscores>.haproxy_endpoints
# tripleo.<service name with underscores>.haproxy_userlists
$dots_endpoints = lookup("'tripleo.${underscore_name}.haproxy_endpoints'", undef, undef, {})
$dots_userlists = lookup("'tripleo.${underscore_name}.haproxy_userlists'", undef, undef, {})
# Supports standard "::" notation
# tripleo::<service name with underscores>::haproxy_endpoints
# tripleo::<service name with underscores>::haproxy_userlists
$colons_endpoints = lookup("tripleo::${underscore_name}::haproxy_endpoints", undef, undef, {})
$colons_userlists = lookup("tripleo::${underscore_name}::haproxy_userlists", undef, undef, {})
# Merge hashes
$service_endpoints = merge($colons_endpoints, $dots_endpoints)
$service_userlists = merge($colons_userlists, $dots_userlists)
create_resources('tripleo::haproxy::userlist', $service_userlists)
create_resources('tripleo::haproxy::endpoint', $service_endpoints)
}


@ -1,101 +0,0 @@
# Copyright 2014 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# == Class: tripleo::haproxy::stats
#
# Configure the HAProxy stats interface
#
# [*haproxy_listen_bind_param*]
# A list of params to be added to the HAProxy listener bind directive.
#
# [*ip*]
# IP Address(es) on which the stats interface is listening on.
# Can be a string or a list of ip addresses
#
# [*use_backend_syntax*]
# (optional) When set to true, generate a config with frontend and
# backend sections, otherwise use listen sections.
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
#
# [*port*]
# Port on which to listen to for haproxy stats web interface
# Defaults to '1993'
#
# [*password*]
# Password for haproxy stats authentication. When set, authentication is
# enabled on the haproxy stats endpoint.
# A string.
# Defaults to undef
#
# [*certificate*]
# Filename of an HAProxy-compatible certificate and key file
# When set, enables SSL on the haproxy stats endpoint using the specified file.
# Defaults to undef
#
# [*user*]
# Username for haproxy stats authentication.
# A string.
# Defaults to 'admin'
#
class tripleo::haproxy::stats (
$haproxy_listen_bind_param,
$ip,
$use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false),
$port = '1993',
$password = undef,
$certificate = undef,
$user = 'admin'
) {
if $certificate {
$opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $certificate])
} else {
$opts = $haproxy_listen_bind_param
}
$haproxy_stats_bind_opts = list_to_hash(suffix(any2array($ip), ":${port}"), $opts)
$stats_base = ['enable', 'uri /']
if $password {
$stats_config = union($stats_base, ["auth ${user}:${password}"])
} else {
$stats_config = $stats_base
}
if $use_backend_syntax {
haproxy::frontend { 'haproxy.stats':
bind => $haproxy_stats_bind_opts,
mode => 'http',
options => {
'default_backend' => 'haproxy.stats_be',
'stats' => $stats_config,
},
collect_exported => false,
}
haproxy::backend { 'haproxy.stats_be':
mode => 'http',
options => {
'stats' => $stats_config,
},
}
} else {
haproxy::listen { 'haproxy.stats':
bind => $haproxy_stats_bind_opts,
mode => 'http',
options => {
'stats' => $stats_config,
},
collect_exported => false,
}
}
}


@ -1,54 +0,0 @@
# Copyright 2017 Camptocamp SA.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Definition: tripleo::haproxy::userlist
#
# Configure an HAProxy userlist. It wrapps haproxy::userlist definition.
#
# [*groups*]
# List of groups
#
# [*users*]
# List of users
#
# == Example
# ::tripleo::haproxy::userlist {'starwars':
# groups => [
# 'aldebaran users leia,luke',
# 'deathstar users anakin,sith',
# ],
# users => [
# 'leia insecure-password sister',
# 'luke insecure-password jedi',
# 'anakin insecure-password darthvador',
# 'sith password $5$h9LsKUOeCr$UlD62CNEpuZQkGYdBoiFJLsM6TlXluRLBlhEnpjDdaC', # mkpasswd -m sha-256 darkSideOfTheForce
# ]
# }
#
# Please refer to the following HAProxy documentation for more options:
# http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-user
# http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-group
#
#
define tripleo::haproxy::userlist(
Optional[Array] $groups = [],
Optional[Array] $users = [],
) {
::haproxy::userlist {$name:
users => $users,
groups => $groups,
}
}


@ -1,23 +0,0 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo
#
# Installs the system requirements
#
class tripleo{
}


@ -1,68 +0,0 @@
# Copyright 2015 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# == Class: tripleo::noop
#
# Enable noop mode for various Puppet resource types via collectors.
#
# === Parameters:
# [*package*]
# Whether Package resources should be noop.
# Defaults to true
#
# [*file*]
# Whether File resources should be noop.
# Defaults to true
#
# [*service*]
# Whether Service resources should be noop.
# Defaults to true
#
# [*exec*]
# Whether Exec resources should be noop.
# Defaults to true
#
# [*user*]
# Whether User resources should be noop.
# Defaults to true
#
# [*group*]
# Whether Group resources should be noop.
# Defaults to true
#
# [*cron*]
# Whether Cron resources should be noop.
# Defaults to true
#
#
class tripleo::noop (
$package = true,
$file = true,
$service = true,
$exec = true,
$user = true,
$group = true,
$cron = true,
) {
Package <| |> { noop => $package}
File <| |> { noop => $file}
Service <| |> { noop => $service}
Exec <| |> { noop => $exec}
User <| |> { noop => $user}
Group <| |> { noop => $group}
Cron <| |> { noop => $cron}
}


@ -1,124 +0,0 @@
# Copyright 2016 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Define: tripleo::pacemaker::haproxy_with_vip
#
# Configure the vip with the haproxy under pacemaker
#
# === Parameters:
#
# [*vip_name*]
# (String) Logical name of the vip (control, public, storage ...)
# Required
#
# [*ip_address*]
# (String) IP address on which HAProxy is colocated
# Required
#
# [*location_rule*]
# (optional) Add a location constraint before actually enabling
# the resource. Must be a hash like the following example:
# location_rule => {
# resource_discovery => 'exclusive', # optional
# role => 'master|slave', # optional
# score => 0, # optional
# score_attribute => foo, # optional
# # Multiple expressions can be used
# expression => ['opsrole eq controller']
# }
# Defaults to undef
#
# [*meta_params*]
# (optional) Additional meta parameters to pass to "pcs resource create" for the VIP
# Defaults to ''
#
# [*op_params*]
# (optional) Additional op parameters to pass to "pcs resource create" for the VIP
# Defaults to ''
#
# [*pcs_tries*]
# (Optional) The number of times pcs commands should be retried.
# Defaults to 1
#
# [*nic*]
# (Optional) Specifies the nic interface on which the VIP should be added
# Defaults to undef
#
# [*ensure*]
# (Boolean) Create the all the resources only if true. False won't
# destroy the resource, it will just not create them.
# Default to true
#
define tripleo::pacemaker::haproxy_with_vip(
$vip_name,
$ip_address,
$location_rule = undef,
$meta_params = '',
$op_params = '',
$pcs_tries = 1,
$nic = undef,
$ensure = true
){
if($ensure) {
if $ip_address =~ Stdlib::Compat::Ipv6 {
$netmask = '128'
$vip_nic = interface_for_ip($ip_address)
$ipv6_addrlabel = '99'
} elsif $ip_address =~ Stdlib::Compat::Ip_address {
$netmask = '32'
$vip_nic = ''
$ipv6_addrlabel = ''
} else {
fail("Haproxy VIP: ${ip_address} is not a proper IP address.")
}
if $nic != undef {
$nic_real = $nic
} else {
$nic_real = $vip_nic
}
pacemaker::resource::ip { "${vip_name}_vip":
ip_address => $ip_address,
cidr_netmask => $netmask,
nic => $nic_real,
ipv6_addrlabel => $ipv6_addrlabel,
meta_params => "resource-stickiness=INFINITY ${meta_params}",
location_rule => $location_rule,
op_params => $op_params,
tries => $pcs_tries,
}
pacemaker::constraint::order { "${vip_name}_vip-then-haproxy":
first_resource => "ip-${ip_address}",
second_resource => 'haproxy-bundle',
first_action => 'start',
second_action => 'start',
constraint_params => 'kind=Optional',
tries => $pcs_tries,
}
pacemaker::constraint::colocation { "${vip_name}_vip-with-haproxy":
source => "ip-${ip_address}",
target => 'haproxy-bundle',
score => 'INFINITY',
tries => $pcs_tries,
}
Pacemaker::Resource::Ip["${vip_name}_vip"]
-> Pacemaker::Resource::Bundle['haproxy-bundle']
-> Pacemaker::Constraint::Order["${vip_name}_vip-then-haproxy"]
-> Pacemaker::Constraint::Colocation["${vip_name}_vip-with-haproxy"]
}
}


@ -1,41 +0,0 @@
# Copyright 2015 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# == Class: tripleo::packages
#
# Configure package installation/upgrade defaults.
#
# === Parameters:
#
# [*enable_install*]
# Whether to enable package installation via Puppet.
# Defaults to false
#
class tripleo::packages (
$enable_install = false,
) {
# if both enable_install is false
if (!str2bool($enable_install)) {
case $::osfamily {
'RedHat': {
Package <| |> { provider => 'norpm' }
}
default: {
warning('enable_install option not supported for this distro.')
}
}
}
}


@ -1,129 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::aodh
#
# aodh profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to lookup('aodh_api_bootstrap_node_name', undef, undef, undef)
#
# [*oslomsg_rpc_proto*]
# Protocol driver for the oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_rpc_hosts*]
# list of the oslo messaging rpc host fqdns
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
#
# [*oslomsg_rpc_port*]
# IP port for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
#
# [*oslomsg_rpc_username*]
# Username for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
#
# [*oslomsg_rpc_password*]
# Password for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_password')
#
# [*oslomsg_rpc_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
#
# [*oslomsg_notify_proto*]
# Protocol driver for the oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_notify_hosts*]
# list of the oslo messaging notify host fqdns
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
#
# [*oslomsg_notify_port*]
# IP port for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
#
# [*oslomsg_notify_username*]
# Username for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
#
# [*oslomsg_notify_password*]
# Password for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_password')
#
# [*oslomsg_notify_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
class tripleo::profile::base::aodh (
$step = Integer(lookup('step')),
$bootstrap_node = lookup('aodh_api_bootstrap_node_name', undef, undef, undef),
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
) {
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
$sync_db = false
}
if $step >= 4 or ($step >= 3 and $sync_db) {
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
class { 'aodh' :
default_transport_url => os_transport_url({
'transport' => $oslomsg_rpc_proto,
'hosts' => $oslomsg_rpc_hosts,
'port' => $oslomsg_rpc_port,
'username' => $oslomsg_rpc_username,
'password' => $oslomsg_rpc_password,
'ssl' => $oslomsg_rpc_use_ssl_real,
}),
notification_transport_url => os_transport_url({
'transport' => $oslomsg_notify_proto,
'hosts' => $oslomsg_notify_hosts,
'port' => $oslomsg_notify_port,
'username' => $oslomsg_notify_username,
'password' => $oslomsg_notify_password,
'ssl' => $oslomsg_notify_use_ssl_real,
}),
}
include aodh::service_credentials
include aodh::config
include aodh::db
include aodh::db::sync
include aodh::logging
}
}


@ -1,105 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::aodh::api
#
# aodh API profile for tripleo
#
# === Parameters
#
# [*aodh_network*]
# (Optional) The network name where the aodh endpoint is listening on.
# This is set by t-h-t.
# Defaults to lookup('aodh_api_network', undef, undef, undef)
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to lookup('aodh_api_bootstrap_node_name', undef, undef, undef)
#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
# Example with hiera:
# apache_certificates_specs:
# httpd-internal_api:
# hostname: <overcloud controller fqdn>
# service_certificate: <service certificate path>
# service_key: <service key path>
# principal: "haproxy/<overcloud controller fqdn>"
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*enable_aodh_expirer*]
# (Optional) Whether aodh expirer should be configured
# Defaults to lookup('enable_aodh_expirer', undef, undef, true)
#
# [*configure_apache*]
# (Optional) Whether apache is configured via puppet or not.
# Defaults to lookup('configure_apache', undef, undef, true)
#
class tripleo::profile::base::aodh::api (
$aodh_network = lookup('aodh_api_network', undef, undef, undef),
$bootstrap_node = lookup('aodh_api_bootstrap_node_name', undef, undef, undef),
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$step = Integer(lookup('step')),
$enable_aodh_expirer = true,
$configure_apache = lookup('configure_apache', undef, undef, true),
) {
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
$is_bootstrap = true
} else {
$is_bootstrap = false
}
include tripleo::profile::base::aodh
include tripleo::profile::base::aodh::authtoken
if $enable_internal_tls {
if !$aodh_network {
fail('aodh_api_network is not set in the hieradata.')
}
$tls_certfile = $certificates_specs["httpd-${aodh_network}"]['service_certificate']
$tls_keyfile = $certificates_specs["httpd-${aodh_network}"]['service_key']
} else {
$tls_certfile = undef
$tls_keyfile = undef
}
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include aodh::api
include aodh::healthcheck
if $configure_apache {
include tripleo::profile::base::apache
class { 'aodh::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
}
}
}
if $step >= 5 {
if $enable_aodh_expirer {
include aodh::expirer
}
}
}


@ -1,84 +0,0 @@
# Copyright 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::aodh::authtoken
#
# Aodh authtoken profile for TripleO
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*memcached_hosts*]
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
# Defaults to lookup('memcached_node_names', undef, undef, [])
#
# [*memcached_port*]
# (Optional) Memcached port to use.
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
#
# [*memcached_ipv6*]
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
# Defaults to lookup('memcached_ipv6', undef, undef, false)
#
# [*security_strategy*]
# (Optional) Memcached (authtoken) security strategy.
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
#
# [*secret_key*]
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
# The key is hashed with a salt, to isolate services.
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
#
# DEPRECATED PARAMETERS
#
# [*memcached_ips*]
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
# Defaults to undef
#
class tripleo::profile::base::aodh::authtoken (
$step = Integer(lookup('step')),
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
# DEPRECATED PARAMETERS
$memcached_ips = undef
) {
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
if $step >= 3 {
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
} else {
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
}
if $secret_key {
$hashed_secret_key = sha256("${secret_key}+aodh")
} else {
$hashed_secret_key = undef
}
class { 'aodh::keystone::authtoken':
memcached_servers => $memcache_servers,
memcache_security_strategy => $security_strategy,
memcache_secret_key => $hashed_secret_key,
}
}
}


@ -1,59 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::aodh::evaluator
#
# aodh evaluator profile for tripleo
#
# === Parameters
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*aodh_redis_password*]
# (Optional) redis password to configure coordination url
# Defaults to lookup('aodh_redis_password')
#
# [*redis_vip*]
# (Optional) redis vip to configure coordination url
# Defaults to lookup('redis_vip')
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to lookup('step')
#
class tripleo::profile::base::aodh::evaluator (
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$aodh_redis_password = lookup('aodh_redis_password'),
$redis_vip = lookup('redis_vip'),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::aodh
if $enable_internal_tls {
$tls_query_param = '?ssl=true'
} else {
$tls_query_param = ''
}
if $step >= 4 {
class { 'aodh::coordination':
backend_url => join(['redis://:', $aodh_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]),
}
include aodh::evaluator
}
}


@ -1,36 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::aodh::listener
#
# aodh listener profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::aodh::listener (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::aodh
if $step >= 4 {
include aodh::listener
}
}


@ -1,36 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::aodh::notifier
#
# aodh notifier profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::aodh::notifier (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::aodh
if $step >= 4 {
include aodh::notifier
}
}


@ -1,51 +0,0 @@
# Copyright 2017 Camptocamp SA.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class tripleo::profile::base::apache
#
# Common apache modules and configuration for API listeners
#
# === Parameters
#
# [*enable_status_listener*]
# Enable or not the localhost listener in httpd.
# Accepted values: Boolean.
# Default to false.
#
# [*status_listener*]
# Where should apache listen for status page
# Default to 127.0.0.1:80
#
# [*mpm_module*]
# The MPM module to use.
# Default to prefork.
class tripleo::profile::base::apache(
Boolean $enable_status_listener = false,
String $status_listener = '127.0.0.1:80',
String $mpm_module = 'prefork',
) {
include apache::params
class { 'apache':
mpm_module => $mpm_module,
}
include apache::mod::status
include apache::mod::ssl
if $enable_status_listener {
if !defined(Apache::Listen[$status_listener]) {
::apache::listen {$status_listener: }
}
}
}


@ -1,36 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::barbican
#
# Barbican profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::barbican (
$step = Integer(lookup('step')),
) {
if $step >= 3 {
include barbican
include barbican::config
include barbican::db
}
}


@ -1,181 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::barbican::api
#
# Barbican profile for tripleo api
#
# === Parameters
#
# [*barbican_network*]
# (Optional) The network name where the barbican endpoint is listening on.
# This is set by t-h-t.
# Defaults to lookup('barbican_api_network', undef, undef, undef)
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to lookup('barbican_api_bootstrap_node_name', undef, undef, undef)
#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
# Example with hiera:
# apache_certificates_specs:
# httpd-internal_api:
# hostname: <overcloud controller fqdn>
# service_certificate: <service certificate path>
# service_key: <service key path>
# principal: "haproxy/<overcloud controller fqdn>"
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*oslomsg_rpc_proto*]
# Protocol driver for the oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_rpc_hosts*]
# list of the oslo messaging rpc host fqdns
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', unef, undef, undef))
#
# [*oslomsg_rpc_port*]
# IP port for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
#
# [*oslomsg_rpc_username*]
# Username for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
#
# [*oslomsg_rpc_password*]
# Password for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_password')
#
# [*oslomsg_rpc_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
#
# [*oslomsg_notify_proto*]
# Protocol driver for the oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_notify_hosts*]
# list of the oslo messaging notify host fqdns
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
#
# [*oslomsg_notify_port*]
# IP port for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
#
# [*oslomsg_notify_username*]
# Username for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
#
# [*oslomsg_notify_password*]
# Password for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_password')
#
# [*oslomsg_notify_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
#
# [*configure_apache*]
# (Optional) Whether apache is configured via puppet or not.
# Defaults to lookup('configure_apache', undef, undef, true)
#
class tripleo::profile::base::barbican::api (
$barbican_network = lookup('barbican_api_network', undef, undef, undef),
$bootstrap_node = lookup('barbican_api_bootstrap_node_name', undef, undef, undef),
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$step = Integer(lookup('step')),
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
$configure_apache = lookup('configure_apache', undef, undef, true),
) {
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
$sync_db = false
}
if $enable_internal_tls {
if !$barbican_network {
fail('barbican_api_network is not set in the hieradata.')
}
$tls_certfile = $certificates_specs["httpd-${barbican_network}"]['service_certificate']
$tls_keyfile = $certificates_specs["httpd-${barbican_network}"]['service_key']
} else {
$tls_certfile = undef
$tls_keyfile = undef
}
include tripleo::profile::base::barbican
include tripleo::profile::base::barbican::authtoken
if $step >= 4 or ( $step >= 3 and $sync_db ) {
include tripleo::profile::base::barbican::backends
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
class { 'barbican::api':
sync_db => $sync_db,
default_transport_url => os_transport_url({
'transport' => $oslomsg_rpc_proto,
'hosts' => $oslomsg_rpc_hosts,
'port' => $oslomsg_rpc_port,
'username' => $oslomsg_rpc_username,
'password' => $oslomsg_rpc_password,
'ssl' => $oslomsg_rpc_use_ssl_real,
}),
notification_transport_url => os_transport_url({
'transport' => $oslomsg_notify_proto,
'hosts' => $oslomsg_notify_hosts,
'port' => $oslomsg_notify_port,
'username' => $oslomsg_notify_username,
'password' => $oslomsg_notify_password,
'ssl' => $oslomsg_notify_use_ssl_real,
}),
multiple_secret_stores_enabled => true,
enabled_secret_stores => $::tripleo::profile::base::barbican::backends::enabled_secret_stores,
}
include barbican::api::logging
include barbican::healthcheck
include barbican::keystone::notification
include barbican::quota
if $configure_apache {
include tripleo::profile::base::apache
class { 'barbican::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
}
}
}
}


@ -1,84 +0,0 @@
# Copyright 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::barbican::authtoken
#
# Barbican authtoken profile for TripleO
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*memcached_hosts*]
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
# Defaults to lookup('memcached_node_names', undef, undef, [])
#
# [*memcached_port*]
# (Optional) Memcached port to use.
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
#
# [*memcached_ipv6*]
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
# Defauls to lookup('memcached_ipv6', undef, undef, false)
#
# [*security_strategy*]
# (Optional) Memcached (authtoken) security strategy.
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
#
# [*secret_key*]
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
# The key is hashed with a salt, to isolate services.
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
#
# DEPRECATED PARAMETERS
#
# [*memcached_ips*]
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
# Defaults to undef
#
class tripleo::profile::base::barbican::authtoken (
$step = Integer(lookup('step')),
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
# DEPRECATED PARAMETERS
$memcached_ips = undef
) {
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
if $step >= 3 {
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
} else {
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
}
if $secret_key {
$hashed_secret_key = sha256("${secret_key}+barbican")
} else {
$hashed_secret_key = undef
}
class { 'barbican::keystone::authtoken':
memcached_servers => $memcache_servers,
memcache_security_strategy => $security_strategy,
memcache_secret_key => $hashed_secret_key,
}
}
}


@ -1,77 +0,0 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::barbican::backends
#
# Barbican's secret store plugin profile for tripleo
#
# === Parameters
#
# [*simple_crypto_backend_enabled*]
# (Optional) Whether the simple crypto backend is enabled or not. This is
# dynamically set via t-h-t.
# Defaults to lookup('barbican_backend_simple_crypto_enabled', undef, undef, false)
#
# [*dogtag_backend_enabled*]
# (Optional) Whether the Dogtag backend is enabled or not. This is
# dynamically set via t-h-t.
# Defaults to lookup('barbican_backend_dogtag_enabled', undef, undef, false)
#
# [*p11_crypto_backend_enabled*]
# (Optional) Whether the pkcs11 crypto backend is enabled or not. This is
# dynamically set via t-h-t.
# Defaults to lookup('barbican_backend_pkcs11_crypto_enabled', undef, undef, false)
#
# [*kmip_backend_enabled*]
# (Optional) Whether the KMIP backend is enabled or not. This is
# dynamically set via t-h-t.
# Defaults to lookup('barbican_backend_kmip_enabled', undef, undef, false)
#
class tripleo::profile::base::barbican::backends (
$simple_crypto_backend_enabled = lookup('barbican_backend_simple_crypto_enabled', undef, undef, false),
$dogtag_backend_enabled = lookup('barbican_backend_dogtag_enabled', undef, undef, false),
$p11_crypto_backend_enabled = lookup('barbican_backend_pkcs11_crypto_enabled', undef, undef, false),
$kmip_backend_enabled = lookup('barbican_backend_kmip_enabled', undef, undef, false),
) {
if $simple_crypto_backend_enabled {
include barbican::plugins::simple_crypto
$backend1 = 'simple_crypto'
} else {
$backend1 = undef
}
if $dogtag_backend_enabled {
include barbican::plugins::dogtag
$backend2 = 'dogtag'
} else {
$backend2 = undef
}
if $p11_crypto_backend_enabled {
include barbican::plugins::p11_crypto
$backend3 = 'pkcs11'
} else {
$backend3 = undef
}
if $kmip_backend_enabled {
include barbican::plugins::kmip
$backend4 = 'kmip'
} else {
$backend4 = undef
}
$enabled_backends_list = delete_undef_values([$backend1, $backend2, $backend3, $backend4])
$enabled_secret_stores = join($enabled_backends_list, ',')
}


@ -1,155 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::ceilometer
#
# Ceilometer profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*oslomsg_rpc_proto*]
# Protocol driver for the oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_rpc_hosts*]
# list of the oslo messaging rpc host fqdns
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
#
# [*oslomsg_rpc_port*]
# IP port for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
#
# [*oslomsg_rpc_username*]
# Username for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
#
# [*oslomsg_rpc_password*]
# Password for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_password')
#
# [*oslomsg_rpc_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
#
# [*oslomsg_notify_proto*]
# Protocol driver for the oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_notify_hosts*]
# list of the oslo messaging notify host fqdns
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
#
# [*oslomsg_notify_port*]
# IP port for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
#
# [*oslomsg_notify_username*]
# Username for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
#
# [*oslomsg_notify_password*]
# Password for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_password')
#
# [*oslomsg_notify_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
#
# [*memcached_hosts*]
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
# Defaults to lookup('memcached_node_names', undef, undef, [])
#
# [*memcached_port*]
# (Optional) Memcached port to use.
# Defaults to lookup('memcached_port', undef, undef, 11211)
#
# [*memcached_ipv6*]
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
# Defauls to lookup('memcached_ipv6', undef, undef, false)
#
# [*cache_backend*]
# (Optional) oslo.cache backend used for caching.
# Defaults to lookup('ceilometer::cache::backend', undef, undef, false)
#
class tripleo::profile::base::ceilometer (
$step = Integer(lookup('step')),
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
$memcached_port = lookup('memcached_port', undef, undef, 11211),
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
$cache_backend = lookup('ceilometer::cache::backend', undef, undef, false),
) {
$memcached_hosts_real = any2array($memcached_hosts)
if $step >= 3 {
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
if $cache_backend in ['oslo_cache.memcache_pool', 'dogpile.cache.memcached'] {
# NOTE(tkajinm): The inet6 prefix is required for backends using
# python-memcached
$cache_memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
} else {
# NOTE(tkajinam): The other backends like pymemcache don't require
# the inet6 prefix
$cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}")
}
} else {
$cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}")
}
class { 'ceilometer::cache':
memcache_servers => $cache_memcache_servers
}
class { 'ceilometer' :
default_transport_url => os_transport_url({
'transport' => $oslomsg_rpc_proto,
'hosts' => $oslomsg_rpc_hosts,
'port' => $oslomsg_rpc_port,
'username' => $oslomsg_rpc_username,
'password' => $oslomsg_rpc_password,
'ssl' => $oslomsg_rpc_use_ssl_real,
}),
notification_transport_url => os_transport_url({
'transport' => $oslomsg_notify_proto,
'hosts' => $oslomsg_notify_hosts,
'port' => $oslomsg_notify_port,
'username' => $oslomsg_notify_username,
'password' => $oslomsg_notify_password,
'ssl' => $oslomsg_notify_use_ssl_real,
}),
}
include ceilometer::config
include ceilometer::logging
}
}


@ -1,111 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::ceilometer::agent::notification
#
# Ceilometer Notification Agent profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*notifier_enabled*]
# (optional) Enable configuration of notifier as pipeline publisher.
# Defaults to false
#
# [*notifier_events_enabled*]
# (optional) Enable configuration of event notifier as pipeline publisher.
# Defaults to false
#
# [*notifier_host_addr*]
# (optional) IP address of Ceilometer notifier (edge qdr Endpoint)
# Defaults to undef
#
# [*notifier_host_port*]
# (optional) Ceilometer notifier port
# Defaults to undef
#
# [*notifier_params*]
# (optional) Query parameters for notifier URL
# Defaults to {'driver' => 'amqp', 'topic' => 'ceilometer/metering.sample'}
#
# [*notifier_event_params*]
# (optional) Query parameters for event notifier URL
# Defaults to {'driver' => 'amqp', 'topic' => 'ceilometer/event.sample'}
#
# [*event_pipeline_publishers*]
# (Optional) A list of event pipeline publishers
# Defaults to undef
#
# [*pipeline_publishers*]
# (Optional) A list of pipeline publishers
# Defaults to undef
#
class tripleo::profile::base::ceilometer::agent::notification (
$step = Integer(lookup('step')),
$notifier_enabled = false,
$notifier_events_enabled = false,
$notifier_host_addr = undef,
$notifier_host_port = undef,
$notifier_params = {'driver' => 'amqp', 'topic' => 'ceilometer/metering.sample'},
$notifier_event_params = {'driver' => 'amqp', 'topic' => 'ceilometer/event.sample'},
$pipeline_publishers = undef,
$event_pipeline_publishers = undef,
) {
include tripleo::profile::base::ceilometer
if $step >= 4 {
include ceilometer::agent::service_credentials
if $pipeline_publishers {
$other_publishers = Array($pipeline_publishers, true)
} else {
$other_publishers = []
}
if $notifier_enabled {
$real_pipeline_publishers = $other_publishers + [os_transport_url({
'transport' => 'notifier',
'host' => $notifier_host_addr,
'port' => $notifier_host_port,
'query' => $notifier_params,
})]
} else {
$real_pipeline_publishers = $other_publishers
}
if $event_pipeline_publishers {
$other_event_publishers = Array($event_pipeline_publishers, true)
} else {
$other_event_publishers = []
}
if $notifier_events_enabled {
$real_event_pipeline_publishers = $other_event_publishers + [os_transport_url({
'transport' => 'notifier',
'host' => $notifier_host_addr,
'port' => $notifier_host_port,
'query' => $notifier_event_params,
})]
} else {
$real_event_pipeline_publishers = $other_event_publishers
}
class { 'ceilometer::agent::notification':
event_pipeline_publishers => $real_event_pipeline_publishers,
pipeline_publishers => $real_pipeline_publishers,
}
}
}


@ -1,78 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::ceilometer::agent::polling
#
# Ceilometer polling Agent profile for tripleo
#
# === Parameters
#
# [*central_namespace*]
# (Optional) Use central namespace for polling agent.
# Defaults to lookup('central_namespace', undef, undef, false)
#
# [*compute_namespace*]
# (Optional) Use compute namespace for polling agent.
# Defaults to lookup('compute_namespace', undef, undef, false)
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*ipmi_namespace*]
# (Optional) Use ipmi namespace for polling agent.
# Defaults to lookup('ipmi_namespace', undef, undef, false)
#
# [*ceilometer_redis_password*]
# (Optional) redis password to configure coordination url
# Defaults to lookup('ceilometer_redis_password')
#
# [*redis_vip*]
# (Optional) redis vip to configure coordination url
# Defaults to lookup('redis_vip')
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::ceilometer::agent::polling (
$central_namespace = lookup('central_namespace', undef, undef, false),
$compute_namespace = lookup('compute_namespace', undef, undef, false),
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$ipmi_namespace = lookup('ipmi_namespace', undef, undef, false),
$ceilometer_redis_password = lookup('ceilometer_redis_password'),
$redis_vip = lookup('redis_vip'),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::ceilometer
if $enable_internal_tls {
$tls_query_param = '?ssl=true'
} else {
$tls_query_param = ''
}
if $step >= 4 {
include ceilometer::agent::service_credentials
class { 'ceilometer::coordination':
backend_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]),
}
class { 'ceilometer::agent::polling':
central_namespace => $central_namespace,
compute_namespace => $compute_namespace,
ipmi_namespace => $ipmi_namespace,
}
}
}


@ -1,142 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder
#
# Cinder common profile for tripleo
#
# === Parameters
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef)
#
# [*cinder_enable_db_purge*]
# (Optional) Whether to enable db purging
# Defaults to true
#
# [*step*]
# (Optional) The current step of the deployment
# Defaults to Integer(lookup('step'))
#
# [*oslomsg_rpc_proto*]
# Protocol driver for the oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_rpc_hosts*]
# list of the oslo messaging rpc host fqdns
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
#
# [*oslomsg_rpc_port*]
# IP port for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
#
# [*oslomsg_rpc_username*]
# Username for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
#
# [*oslomsg_rpc_password*]
# Password for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_password')
#
# [*oslomsg_rpc_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
#
# [*oslomsg_notify_proto*]
# Protocol driver for the oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_notify_hosts*]
# list of the oslo messaging notify host fqdns
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
#
# [*oslomsg_notify_port*]
# IP port for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
#
# [*oslomsg_notify_username*]
# Username for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
#
# [*oslomsg_notify_password*]
# Password for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_password')
#
# [*oslomsg_notify_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
class tripleo::profile::base::cinder (
$bootstrap_node = lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef),
$cinder_enable_db_purge = true,
$step = Integer(lookup('step')),
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
) {
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
$sync_db = false
}
if $step >= 4 or ($step >= 3 and $sync_db) {
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
class { 'cinder' :
default_transport_url => os_transport_url({
'transport' => $oslomsg_rpc_proto,
'hosts' => $oslomsg_rpc_hosts,
'port' => $oslomsg_rpc_port,
'username' => $oslomsg_rpc_username,
'password' => $oslomsg_rpc_password,
'ssl' => $oslomsg_rpc_use_ssl_real,
}),
notification_transport_url => os_transport_url({
'transport' => $oslomsg_notify_proto,
'hosts' => $oslomsg_notify_hosts,
'port' => $oslomsg_notify_port,
'username' => $oslomsg_notify_username,
'password' => $oslomsg_notify_password,
'ssl' => $oslomsg_notify_use_ssl_real,
}),
}
include cinder::config
include cinder::db
include cinder::glance
include cinder::nova
include cinder::logging
include cinder::quota
include cinder::keystone::service_user
include cinder::key_manager
include cinder::key_manager::barbican
}
if $step >= 5 {
if $cinder_enable_db_purge {
include cinder::cron::db_purge
}
}
}


@ -1,97 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::api
#
# Cinder API profile for tripleo
#
# === Parameters
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef)
#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
# Example with hiera:
# apache_certificates_specs:
# httpd-internal_api:
# hostname: <overcloud controller fqdn>
# service_certificate: <service certificate path>
# service_key: <service key path>
# principal: "haproxy/<overcloud controller fqdn>"
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
#
# [*cinder_api_network*]
# (Optional) The network name where the cinder API endpoint is listening on.
# This is set by t-h-t.
# Defaults to lookup('cinder_api_network', undef, undef, undef)
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*configure_apache*]
# (Optional) Whether apache is configured via puppet or not.
# Defaults to lookup('configure_apache', undef, undef, true)
#
class tripleo::profile::base::cinder::api (
$bootstrap_node = lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef),
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
$cinder_api_network = lookup('cinder_api_network', undef, undef, undef),
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$step = Integer(lookup('step')),
$configure_apache = lookup('configure_apache', undef, undef, true),
) {
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
$sync_db = false
}
include tripleo::profile::base::cinder
include tripleo::profile::base::cinder::authtoken
if $enable_internal_tls {
if !$cinder_api_network {
fail('cinder_api_network is not set in the hieradata.')
}
$tls_certfile = $certificates_specs["httpd-${cinder_api_network}"]['service_certificate']
$tls_keyfile = $certificates_specs["httpd-${cinder_api_network}"]['service_key']
} else {
$tls_certfile = undef
$tls_keyfile = undef
}
if $step >= 4 or ($step >= 3 and $sync_db) {
class { 'cinder::api':
sync_db => $sync_db,
}
include cinder::healthcheck
if $configure_apache {
include tripleo::profile::base::apache
class { 'cinder::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
}
}
}
}


@ -1,84 +0,0 @@
# Copyright 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::authtoken
#
# Cinder authtoken profile for TripleO
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*memcached_hosts*]
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
# Defaults to lookup('memcached_node_names', undef, undef, [])
#
# [*memcached_port*]
# (Optional) Memcached port to use.
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
#
# [*memcached_ipv6*]
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
# Defaults to lookup('memcached_ipv6', undef, undef, false)
#
# [*security_strategy*]
# (Optional) Memcached (authtoken) security strategy.
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
#
# [*secret_key*]
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
# The key is hashed with a salt, to isolate services.
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
#
# DEPRECATED PARAMETERS
#
# [*memcached_ips*]
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
# Defaults to undef
#
class tripleo::profile::base::cinder::authtoken (
$step = Integer(lookup('step')),
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
# DEPRECATED PARAMETERS
$memcached_ips = undef
) {
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
if $step >= 3 {
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
} else {
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
}
if $secret_key {
$hashed_secret_key = sha256("${secret_key}+cinder")
} else {
$hashed_secret_key = undef
}
class { 'cinder::keystone::authtoken':
memcached_servers => $memcache_servers,
memcache_security_strategy => $security_strategy,
memcache_secret_key => $hashed_secret_key,
}
}
}


@ -1,36 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::backup
#
# Cinder Backup profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::backup (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder
if $step >= 4 {
include cinder::backup
}
}


@ -1,36 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::backup::ceph
#
# Cinder Backup Ceph profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::backup::ceph (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::backup
if $step >= 4 {
include cinder::backup::ceph
}
}


@ -1,56 +0,0 @@
# Copyright 2021 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::backup::gcs
#
# Cinder Backup Google Cloud Service (GCS) profile for tripleo
#
# === Parameters
#
# [*credentials*]
# (required) The GCS service account credentials, in JSON format.
#
# [*credential_file*]
# (Optional) Absolute path of GCS service account credential file, to
# be created with content from the credentials input.
# Defaults to '/etc/cinder/gcs-backup.json'
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::backup::gcs (
$credentials,
$credential_file = '/etc/cinder/gcs-backup.json',
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::backup
if $step >= 4 {
file { "${credential_file}" :
ensure => file,
content => to_json_pretty($credentials),
owner => 'root',
group => 'cinder',
mode => '0640',
}
class { 'cinder::backup::google':
backup_gcs_credential_file => $credential_file,
}
}
}


@ -1,36 +0,0 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::backup::nfs
#
# Cinder Backup NFS profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::backup::nfs (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::backup
if $step >= 4 {
include cinder::backup::nfs
}
}


@ -1,36 +0,0 @@
# Copyright 2021 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::backup::s3
#
# Cinder Backup S3 profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::backup::s3 (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::backup
if $step >= 4 {
include cinder::backup::s3
}
}


@ -1,36 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::backup::swift
#
# Cinder Backup Swift profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::backup::swift (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::backup
if $step >= 4 {
include cinder::backup::swift
}
}


@ -1,35 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::scheduler
#
# Cinder Scheduler profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::scheduler (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder
if $step >= 4 {
include cinder::scheduler
}
}


@ -1,346 +0,0 @@
# Copyright 2022 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume
#
# Cinder Volume profile for tripleo
#
# === Parameters
#
# [*cinder_enable_pure_backend*]
# (Optional) Whether to enable the pure backend
# Defaults to false
#
# [*cinder_enable_dellemc_sc_backend*]
# (Optional) Whether to enable the sc backend
# Defaults to false
#
# [*cinder_enable_dellemc_unity_backend*]
# (Optional) Whether to enable the unity backend
# Defaults to false
#
# [*cinder_enable_dellemc_powerflex_backend*]
# (Optional) Whether to enable the powerflex backend
# Defaults to false
#
# [*cinder_enable_dellemc_powermax_backend*]
# (Optional) Whether to enable the powermax backend
# Defaults to false
#
# [*cinder_enable_dellemc_powerstore_backend*]
# (Optional) Whether to enable the powerstore backend
# Defaults to false
#
# [*cinder_enable_dellemc_vnx_backend*]
# (Optional) Whether to enable the vnx backend
# Defaults to false
#
# [*cinder_enable_dellemc_xtremio_backend*]
# (Optional) Whether to enable the xtremio backend
# Defaults to false
#
# [*cinder_enable_ibm_svf_backend*]
# (Optional) Whether to enable the ibm_svf backend
# Defaults to false
#
# [*cinder_enable_iscsi_backend*]
# (Optional) Whether to enable the iscsi backend
# Defaults to true
#
# [*cinder_enable_netapp_backend*]
# (Optional) Whether to enable the netapp backend
# Defaults to false
#
# [*cinder_enable_nfs_backend*]
# (Optional) Whether to enable the nfs backend
# Defaults to false
#
# [*cinder_enable_rbd_backend*]
# (Optional) Whether to enable the rbd backend
# Defaults to false
#
#[*cinder_enable_nvmeof_backend*]
# (Optional) Whether to enable the NVMeOF backend
# Defaults to false
#
# [*cinder_user_enabled_backends*]
# (Optional) List of additional backend stanzas to activate
# Defaults to lookup('cinder_user_enabled_backends', undef, undef, undef)
#
# [*cinder_volume_cluster*]
# (Optional) Name of the cluster when running in active-active mode
# Defaults to ''
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*etcd_certificate_specs*]
# (optional) TLS certificate specs for the etcd service
# Defaults to lookup('tripleo::profile::base::etcd::certificate_specs', undef, undef, {})
#
# [*etcd_enabled*]
# (optional) Whether the etcd service is enabled or not
# Defaults to lookup('etcd_enabled', undef, undef, false)
#
# [*etcd_host*]
# (optional) IP address (VIP) of the etcd service
# Defaults to lookup('etcd_vip', undef, undef, undef)
#
# [*etcd_port*]
# (optional) Port used by the etcd service
# Defaults to lookup('tripleo::profile::base::etcd::client_port', undef, undef, '2379')
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# DEPRECATED PARAMETERS
#
# [*cinder_rbd_client_name*]
# (Optional) Name of RBD client
# Defaults to undef
#
# [*cinder_rbd_ceph_conf_path*]
# (Optional) The path where the Ceph Cluster config files are stored on the host
# Defaults to undef
#
class tripleo::profile::base::cinder::volume (
$cinder_enable_pure_backend = false,
$cinder_enable_dellemc_sc_backend = false,
$cinder_enable_dellemc_unity_backend = false,
$cinder_enable_dellemc_powerflex_backend = false,
$cinder_enable_dellemc_powermax_backend = false,
$cinder_enable_dellemc_powerstore_backend = false,
$cinder_enable_dellemc_vnx_backend = false,
$cinder_enable_dellemc_xtremio_backend = false,
$cinder_enable_ibm_svf_backend = false,
$cinder_enable_iscsi_backend = true,
$cinder_enable_netapp_backend = false,
$cinder_enable_nfs_backend = false,
$cinder_enable_rbd_backend = false,
$cinder_enable_nvmeof_backend = false,
$cinder_user_enabled_backends = lookup('cinder_user_enabled_backends', undef, undef, undef),
$cinder_volume_cluster = '',
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$etcd_certificate_specs = lookup('tripleo::profile::base::etcd::certificate_specs', undef, undef, {}),
$etcd_enabled = lookup('etcd_enabled', undef, undef, false),
$etcd_host = lookup('etcd_vip', undef, undef, undef),
$etcd_port = lookup('tripleo::profile::base::etcd::client_port', undef, undef, '2379'),
$step = Integer(lookup('step')),
# DEPRECATED PARAMETERS
$cinder_rbd_ceph_conf_path = undef,
$cinder_rbd_client_name = undef,
) {
include tripleo::profile::base::cinder
if $step >= 4 {
if $cinder_volume_cluster == '' {
$cinder_volume_cluster_real = undef
} else {
$cinder_volume_cluster_real = $cinder_volume_cluster
}
if $cinder_volume_cluster_real {
unless $etcd_enabled {
fail('Running cinder-volume in active-active mode with a cluster name requires the etcd service.')
}
if empty($etcd_host) {
fail('etcd_vip not set in hieradata')
}
case $::operatingsystemmajrelease {
# el8 uses etcd version 3.2, which supports v3alpha path
'8' : { $api_version = 'v3alpha' }
# el9 uses etcd version 3.4, which supports v3 path
default : { $api_version = 'v3' }
}
$options_init = "?api_version=${api_version}"
if $enable_internal_tls {
$protocol = 'https'
$tls_keyfile = $etcd_certificate_specs['service_key']
$tls_certfile = $etcd_certificate_specs['service_certificate']
$options_tls = sprintf('&cert_key=%s&cert_cert=%s', $tls_keyfile, $tls_certfile)
$options = "${options_init}${options_tls}"
} else {
$protocol = 'http'
$options = "${options_init}"
}
$backend_url = sprintf('etcd3+%s://%s:%s%s', $protocol, normalize_ip_for_uri($etcd_host), $etcd_port, $options)
class { 'cinder::coordination' :
backend_url => $backend_url,
}
}
class { 'cinder::volume' :
cluster => $cinder_volume_cluster_real,
}
if $cinder_enable_pure_backend {
include tripleo::profile::base::cinder::volume::pure
$cinder_pure_backend_name = lookup('cinder::backend::pure::volume_backend_name', undef, undef, 'tripleo_pure')
} else {
$cinder_pure_backend_name = undef
}
if $cinder_enable_dellemc_sc_backend {
include tripleo::profile::base::cinder::volume::dellemc_sc
$cinder_dellemc_sc_backend_name = lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, 'tripleo_dellemc_sc')
} else {
$cinder_dellemc_sc_backend_name = undef
}
if $cinder_enable_dellemc_unity_backend {
include tripleo::profile::base::cinder::volume::dellemc_unity
$cinder_dellemc_unity_backend_name = lookup('cinder::backend::dellemc_unity::volume_backend_name',
undef, undef, 'tripleo_dellemc_unity')
} else {
$cinder_dellemc_unity_backend_name = undef
}
if $cinder_enable_dellemc_powerflex_backend {
include tripleo::profile::base::cinder::volume::dellemc_powerflex
$cinder_dellemc_powerflex_backend_name = lookup('cinder::backend::dellemc_powerflex::volume_backend_name',
undef, undef, 'tripleo_dellemc_powerflex')
} else {
$cinder_dellemc_powerflex_backend_name = undef
}
if $cinder_enable_dellemc_powermax_backend {
include tripleo::profile::base::cinder::volume::dellemc_powermax
$cinder_dellemc_powermax_backend_name = lookup('cinder::backend::dellemc_powermax::volume_backend_name',
undef, undef, 'tripleo_dellemc_powermax')
} else {
$cinder_dellemc_powermax_backend_name = undef
}
if $cinder_enable_dellemc_powerstore_backend {
include tripleo::profile::base::cinder::volume::dellemc_powerstore
$cinder_dellemc_powerstore_backend_name = lookup('cinder::backend::dellemc_powerstore::volume_backend_name',
undef, undef, 'tripleo_dellemc_powerstore')
} else {
$cinder_dellemc_powerstore_backend_name = undef
}
if $cinder_enable_dellemc_vnx_backend {
include tripleo::profile::base::cinder::volume::dellemc_vnx
$cinder_dellemc_vnx_backend_name = lookup('cinder::backend::emc_vnx::volume_backend_name',
undef, undef, 'tripleo_dellemc_vnx')
} else {
$cinder_dellemc_vnx_backend_name = undef
}
if $cinder_enable_dellemc_xtremio_backend {
include tripleo::profile::base::cinder::volume::dellemc_xtremio
$cinder_dellemc_xtremio_backend_name = lookup('cinder::backend::dellemc_xtremio::volume_backend_name',
undef, undef, 'tripleo_dellemc_xtremio')
} else {
$cinder_dellemc_xtremio_backend_name = undef
}
if $cinder_enable_ibm_svf_backend {
include tripleo::profile::base::cinder::volume::ibm_svf
$cinder_ibm_svf_backend_name = lookup('cinder::backend::ibm_svf::volume_backend_name',
undef, undef, 'tripleo_ibm_svf')
} else {
$cinder_ibm_svf_backend_name = undef
}
if $cinder_enable_iscsi_backend {
include tripleo::profile::base::cinder::volume::iscsi
$cinder_iscsi_backend_name = lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi')
} else {
$cinder_iscsi_backend_name = undef
}
if $cinder_enable_netapp_backend {
include tripleo::profile::base::cinder::volume::netapp
$cinder_netapp_backend_name = lookup('cinder::backend::netapp::volume_backend_name', undef, undef, 'tripleo_netapp')
} else {
$cinder_netapp_backend_name = undef
}
if $cinder_enable_nfs_backend {
include tripleo::profile::base::cinder::volume::nfs
$cinder_nfs_backend_name = lookup('tripleo::profile::base::cinder::volume::nfs::backend_name',
undef, undef, lookup('cinder::backend::nfs::volume_backend_name',
undef, undef, 'tripleo_nfs'))
} else {
$cinder_nfs_backend_name = undef
}
if $cinder_enable_rbd_backend {
include tripleo::profile::base::cinder::volume::rbd
$cinder_rbd_backend_name = lookup('tripleo::profile::base::cinder::volume::rbd::backend_name',
undef, undef, ['tripleo_ceph'])
$extra_pools = lookup('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools', undef, undef, undef)
if empty($extra_pools) {
$extra_backend_names = []
} else {
# These $extra_pools are associated with the first backend
$base_name = any2array($cinder_rbd_backend_name)[0]
$extra_backend_names = any2array($extra_pools).map |$pool_name| { "${base_name}_${pool_name}" }
}
# Each $multi_config backend can specify its own list of extra pools. The
# backend names are the $multi_config hash keys.
$multi_config = lookup('tripleo::profile::base::cinder::volume::rbd::multi_config', undef, undef, {})
$extra_multiconfig_backend_names = $multi_config.map |$base_name, $backend_config| {
$backend_extra_pools = $backend_config['CinderRbdExtraPools']
any2array($backend_extra_pools).map |$pool_name| { "${base_name}_${pool_name}" }
}
$cinder_rbd_extra_backend_names = flatten($extra_backend_names, $extra_multiconfig_backend_names)
} else {
$cinder_rbd_backend_name = undef
$cinder_rbd_extra_backend_names = undef
}
if $cinder_enable_nvmeof_backend {
include tripleo::profile::base::cinder::volume::nvmeof
$cinder_nvmeof_backend_name = lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof')
} else {
$cinder_nvmeof_backend_name = undef
}
$backends = delete_undef_values(concat([], $cinder_iscsi_backend_name,
$cinder_rbd_backend_name,
$cinder_rbd_extra_backend_names,
$cinder_pure_backend_name,
$cinder_dellemc_sc_backend_name,
$cinder_dellemc_unity_backend_name,
$cinder_dellemc_powerflex_backend_name,
$cinder_dellemc_powermax_backend_name,
$cinder_dellemc_powerstore_backend_name,
$cinder_dellemc_vnx_backend_name,
$cinder_dellemc_xtremio_backend_name,
$cinder_ibm_svf_backend_name,
$cinder_netapp_backend_name,
$cinder_nfs_backend_name,
$cinder_user_enabled_backends,
$cinder_nvmeof_backend_name))
# NOTE(aschultz): during testing it was found that puppet 3 may incorrectly
# include a "" in the previous array which is not removed by the
# delete_undef_values function. So we need to make sure we don't have any
# "" strings in our array.
$cinder_enabled_backends = delete($backends, '')
class { 'cinder::backends' :
enabled_backends => $cinder_enabled_backends,
}
include cinder::backend::defaults
}
}


@ -1,65 +0,0 @@
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::dellemc_powerflex
#
# Cinder Volume dellemc_powerflex profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) Name given to the Cinder backend stanza
# Defaults to lookup('cinder::backend::dellemc_powerflex::volume_backend_name', undef, undef, 'tripleo_dellemc_powerflex')
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::dellemc_powerflex (
$backend_name = lookup('cinder::backend::dellemc_powerflex::volume_backend_name', undef, undef, 'tripleo_dellemc_powerflex'),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
create_resources('cinder::backend::dellemc_powerflex', { $backend_name => delete_undef_values({
'backend_availability_zone' => lookup('cinder::backend::dellemc_powerflex::backend_availability_zone',
undef, undef, undef),
'san_login' => lookup('cinder::backend::dellemc_powerflex::san_login', undef, undef, undef),
'san_password' => lookup('cinder::backend::dellemc_powerflex::san_password', undef, undef, undef),
'san_ip' => lookup('cinder::backend::dellemc_powerflex::san_ip', undef, undef, undef),
'powerflex_storage_pools' => lookup('cinder::backend::dellemc_powerflex::powerflex_storage_pools',
undef, undef, undef),
'powerflex_allow_migration_during_rebuild' => lookup('cinder::backend::dellemc_powerflex::powerflex_allow_migration_during_rebuild',
undef, undef, undef),
'powerflex_allow_non_padded_volumes' => lookup('cinder::backend::dellemc_powerflex::powerflex_allow_non_padded_volumes',
undef, undef, undef),
'powerflex_max_over_subscription_ratio' => lookup('cinder::backend::dellemc_powerflex::powerflex_max_over_subscription_ratio',
undef, undef, undef),
'powerflex_rest_server_port' => lookup('cinder::backend::dellemc_powerflex::powerflex_rest_server_port',
undef, undef, undef),
'powerflex_round_volume_capacity' => lookup('cinder::backend::dellemc_powerflex::powerflex_round_volume_capacity',
undef, undef, undef),
'powerflex_server_api_version' => lookup('cinder::backend::dellemc_powerflex::powerflex_server_api_version',
undef, undef, undef),
'powerflex_unmap_volume_before_deletion' => lookup('cinder::backend::dellemc_powerflex::powerflex_unmap_volume_before_deletion',
undef, undef, undef),
'san_thin_provision' => lookup('cinder::backend::dellemc_powerflex::san_thin_provision', undef, undef, undef),
'driver_ssl_cert_verify' => lookup('cinder::backend::dellemc_powerflex::driver_ssl_cert_verify',
undef, undef, undef),
'driver_ssl_cert_path' => lookup('cinder::backend::dellemc_powerflex::driver_ssl_cert_path', undef, undef, undef)
})})
}
}


@ -1,70 +0,0 @@
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::dellemc_powermax
#
# Cinder Volume dellemc_powermax profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) List of names given to the Cinder backend stanza.
# Defaults to lookup('cinder::backend:dellemc_powermax::volume_backend_name', undef, undef,
# ['tripleo_dellemc_powermax'])
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to lookup('cinder::backend::dellemc_powermax::volume_multi_config', undef, undef, {})
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::dellemc_powermax (
$backend_name = lookup('cinder::backend::dellemc_powermax::volume_backend_name', undef, undef, ['tripleo_dellemc_powermax']),
$multi_config = lookup('cinder::backend::dellemc_powermax::volume_multi_config', undef, undef, {}),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
$backend_defaults = {
'CinderPowermaxAvailabilityZone' => lookup('cinder::backend::dellemc_powermax::backend_availability_zone', undef, undef, undef),
'CinderPowermaxSanIp' => lookup('cinder::backend::dellemc_powermax::san_ip', undef, undef, undef),
'CinderPowermaxSanLogin' => lookup('cinder::backend::dellemc_powermax::san_login', undef, undef, undef),
'CinderPowermaxSanPassword' => lookup('cinder::backend::dellemc_powermax::san_password', undef, undef, undef),
'CinderPowermaxStorageProtocol' => lookup('cinder::backend::dellemc_powermax::powermax_storage_protocol', undef, undef, undef),
'CinderPowermaxArray' => lookup('cinder::backend::dellemc_powermax::powermax_array', undef, undef, undef),
'CinderPowermaxSrp' => lookup('cinder::backend::dellemc_powermax::powermax_srp', undef, undef, undef),
'CinderPowermaxPortGroups' => lookup('cinder::backend::dellemc_powermax::powermax_port_groups', undef, undef, undef),
}
any2array($backend_name).each |String $backend| {
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
create_resources('cinder::backend::dellemc_powermax', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderPowermaxAvailabilityZone'],
'san_ip' => $backend_config['CinderPowermaxSanIp'],
'san_login' => $backend_config['CinderPowermaxSanLogin'],
'san_password' => $backend_config['CinderPowermaxSanPassword'],
'powermax_storage_protocol' => $backend_config['CinderPowermaxStorageProtocol'],
'powermax_array' => $backend_config['CinderPowermaxArray'],
'powermax_srp' => $backend_config['CinderPowermaxSrp'],
'powermax_port_groups' => $backend_config['CinderPowermaxPortGroups'],
})})
}
}
}


@ -1,66 +0,0 @@
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::dellemc_powerstore
#
# Cinder Volume dellemc_powerstore profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) List of names given to the Cinder backend stanza.
# Defaults to lookup('cinder::backend:dellemc_powerstore::volume_backend_name', undef, undef,
# ['tripleo_dellemc_powerstore'])
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to lookup('cinder::backend::dellemc_powerstore::volume_multi_config', undef, undef, {})
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::dellemc_powerstore (
$backend_name = lookup('cinder::backend::dellemc_powerstore::volume_backend_name', undef, undef, ['tripleo_dellemc_powerstore']),
$multi_config = lookup('cinder::backend::dellemc_powerstore::volume_multi_config', undef, undef, {}),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
$backend_defaults = {
'CinderPowerStoreAvailabilityZone' => lookup('cinder::backend::dellemc_powerstore::backend_availability_zone', undef, undef, undef),
'CinderPowerStoreSanIp' => lookup('cinder::backend::dellemc_powerstore::san_ip', undef, undef, undef),
'CinderPowerStoreSanLogin' => lookup('cinder::backend::dellemc_powerstore::san_login', undef, undef, undef),
'CinderPowerStoreSanPassword' => lookup('cinder::backend::dellemc_powerstore::san_password', undef, undef, undef),
'CinderPowerStoreStorageProtocol' => lookup('cinder::backend::dellemc_powerstore::storage_protocol', undef, undef, undef),
'CinderPowerStorePorts' => lookup('cinder::backend::dellemc_powerstore::powerstore_ports', undef, undef, undef),
}
any2array($backend_name).each |String $backend| {
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
create_resources('cinder::backend::dellemc_powerstore', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderPowerStoreAvailabilityZone'],
'san_ip' => $backend_config['CinderPowerStoreSanIp'],
'san_login' => $backend_config['CinderPowerStoreSanLogin'],
'san_password' => $backend_config['CinderPowerStoreSanPassword'],
'storage_protocol' => $backend_config['CinderPowerStoreStorageProtocol'],
'powerstore_ports' => $backend_config['CinderPowerStorePorts'],
})})
}
}
}


@ -1,87 +0,0 @@
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::dellemc_sc
#
# Cinder Volume dellemc_sc profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) Name given to the Cinder backend stanza
# Defaults to lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, ['tripleo_dellemc_sc'])
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to lookup('cinder::backend::dellemc_sc::volume_multi_config', undef, undef, {})
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::dellemc_sc (
$backend_name = lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, ['tripleo_dellemc_sc']),
$multi_config = lookup('cinder::backend::dellemc_sc::volume_multi_config', undef, undef, {}),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
$backend_defaults = {
'CinderSCAvailabilityZone' => lookup('cinder::backend::dellemc_sc::backend_availability_zone', undef, undef, undef),
'CinderSCSanIp' => lookup('cinder::backend::dellemc_sc::san_ip', undef, undef, undef),
'CinderSCSanLogin' => lookup('cinder::backend::dellemc_sc::san_login', undef, undef, undef),
'CinderSCSanPassword' => lookup('cinder::backend::dellemc_sc::san_password', undef, undef, undef),
'CinderSCStorageProtocol' => lookup('cinder::backend::dellemc_sc::sc_storage_protocol', undef, undef, undef),
'CinderSCSSN' => lookup('cinder::backend::dellemc_sc::dell_sc_ssn', undef, undef, undef),
'CinderSCTargetIpAddress' => lookup('cinder::backend::dellemc_sc::iscsi_ip_address', undef, undef, undef),
'CinderSCTargetPort' => lookup('cinder::backend::dellemc_sc::iscsi_port', undef, undef, undef),
'CinderSCApiPort' => lookup('cinder::backend::dellemc_sc::dell_sc_api_port', undef, undef, undef),
'CinderSCServerFolder' => lookup('cinder::backend::dellemc_sc::dell_sc_server_folder', undef, undef, undef),
'CinderSCVolumeFolder' => lookup('cinder::backend::dellemc_sc::dell_sc_volume_folder', undef, undef, undef),
'CinderSCExcludedDomainIps' => lookup('cinder::backend::dellemc_sc::excluded_domain_ips', undef, undef, undef),
'CinderSCSecondarySanIp' => lookup('cinder::backend::dellemc_sc::secondary_san_ip', undef, undef, undef),
'CinderSCSecondarySanLogin' => lookup('cinder::backend::dellemc_sc::secondary_san_login', undef, undef, undef),
'CinderSCSecondarySanPassword' => lookup('cinder::backend::dellemc_sc::secondary_san_password', undef, undef, undef),
'CinderSCSecondaryApiPort' => lookup('cinder::backend::dellemc_sc::secondary_sc_api_port', undef, undef, undef),
'CinderSCUseMultipathForImageXfer' => lookup('cinder::backend::dellemc_sc::use_multipath_for_image_xfer', undef, undef, undef),
}
any2array($backend_name).each |String $backend| {
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
create_resources('cinder::backend::dellemc_sc', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderSCAvailabilityZone'],
'san_ip' => $backend_config['CinderSCSanIp'],
'san_login' => $backend_config['CinderSCSanLogin'],
'san_password' => $backend_config['CinderSCSanPassword'],
'sc_storage_protocol' => $backend_config['CinderSCStorageProtocol'],
'dell_sc_ssn' => $backend_config['CinderSCSSN'],
'target_ip_address' => $backend_config['CinderSCTargetIpAddress'],
'target_port' => $backend_config['CinderSCTargetPort'],
'dell_sc_api_port' => $backend_config['CinderSCApiPort'],
'dell_sc_server_folder' => $backend_config['CinderSCServerFolder'],
'dell_sc_volume_folder' => $backend_config['CinderSCVolumeFolder'],
'excluded_domain_ips' => $backend_config['CinderSCExcludedDomainIps'],
'secondary_san_ip' => $backend_config['CinderSCSecondarySanIp'],
'secondary_san_login' => $backend_config['CinderSCSecondarySanLogin'],
'secondary_san_password' => $backend_config['CinderSCSecondarySanPassword'],
'secondary_sc_api_port' => $backend_config['CinderSCSecondaryApiPort'],
'use_multipath_for_image_xfer' => $backend_config['CinderSCUseMultipathForImageXfer'],
})})
}
}
}


@ -1,66 +0,0 @@
# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::dellemc_unity
#
# Cinder Volume dellemc_unity profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) List of names given to the Cinder backend stanza.
# Defaults to lookup('cinder::backend::dellemc_unity::volume_backend_name', undef, undef, ['tripleo_dellemc_unity'])
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to lookup('cinder::backend::dellemc_unity::volume_multi_config', undef, undef, {})
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::dellemc_unity (
$backend_name = lookup('cinder::backend::dellemc_unity::volume_backend_name', undef, undef, ['tripleo_dellemc_unity']),
$multi_config = lookup('cinder::backend::dellemc_unity::volume_multi_config', undef, undef, {}),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
$backend_defaults = {
'CinderDellEMCUnityAvailabilityZone' => lookup('cinder::backend::dellemc_unity::backend_availability_zone', undef, undef, undef),
'CinderDellEMCUnitySanIp' => lookup('cinder::backend::dellemc_unity::san_ip', undef, undef, undef),
'CinderDellEMCUnitySanLogin' => lookup('cinder::backend::dellemc_unity::san_login', undef, undef, undef),
'CinderDellEMCUnitySanPassword' => lookup('cinder::backend::dellemc_unity::san_password', undef, undef, undef),
'CinderDellEMCUnityStorageProtocol' => lookup('cinder::backend::dellemc_unity::storage_protocol', undef, undef, undef),
'CinderDellEMCUnityIoPorts' => lookup('cinder::backend::dellemc_unity::unity_io_ports', undef, undef, undef),
'CinderDellEMCUnityStoragePoolNames' => lookup('cinder::backend::dellemc_unity::unity_storage_pool_names', undef, undef, undef),
}
any2array($backend_name).each |String $backend| {
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
create_resources('cinder::backend::dellemc_unity', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderDellEMCUnityAvailabilityZone'],
'san_ip' => $backend_config['CinderDellEMCUnitySanIp'],
'san_login' => $backend_config['CinderDellEMCUnitySanLogin'],
'san_password' => $backend_config['CinderDellEMCUnitySanPassword'],
'storage_protocol' => $backend_config['CinderDellEMCUnityStorageProtocol'],
'unity_io_ports' => $backend_config['CinderDellEMCUnityIoPorts'],
'unity_storage_pool_names' => $backend_config['CinderDellEMCUnityStoragePoolNames'],
})})
}
}
}


@ -1,76 +0,0 @@
# Copyright (c) 2016-2018 Dell Inc, or its subsidiaries.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::dellemc_vnx
#
# Cinder Volume dellemc_vnx profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) List of names given to the Cinder backend stanza
# Defaults to lookup('cinder::backend::emc_vnx::volume_backend_name', undef, undef, ['tripleo_dellemc_vnx'])
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to lookup('cinder::backend::emc_vnx::volume_multi_config', undef, undef, {})
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::dellemc_vnx (
$backend_name = lookup('cinder::backend::emc_vnx::volume_backend_name', undef, undef, ['tripleo_dellemc_vnx']),
$multi_config = lookup('cinder::backend::emc_vnx::volume_multi_config', undef, undef, {}),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
$backend_defaults = {
'CinderDellEMCVNXAvailabilityZone' => lookup('cinder::backend::emc_vnx::backend_availability_zone', undef, undef, undef),
'CinderDellEMCVNXSanIp' => lookup('cinder::backend::emc_vnx::san_ip', undef, undef, undef),
'CinderDellEMCVNXSanLogin' => lookup('cinder::backend::emc_vnx::san_login', undef, undef, undef),
'CinderDellEMCVNXSanPassword' => lookup('cinder::backend::emc_vnx::san_password', undef, undef, undef),
'CinderDellEMCVNXStorageProtocol' => lookup('cinder::backend::emc_vnx::storage_protocol', undef, undef, undef),
'CinderDellEMCVNXStoragePoolNames' => lookup('cinder::backend::emc_vnx::storage_vnx_pool_names', undef, undef, undef),
'CinderDellEMCVNXDefaultTimeout' => lookup('cinder::backend::emc_vnx::default_timeout', undef, undef, undef),
'CinderDellEMCVNXMaxLunsPerStorageGroup' => lookup('cinder::backend::emc_vnx::max_luns_per_storage_group', undef, undef, undef),
'CinderDellEMCVNXInitiatorAutoRegistration' => lookup('cinder::backend::emc_vnx::initiator_auto_registration', undef, undef, undef),
'CinderDellEMCVNXAuthType' => lookup('cinder::backend::emc_vnx::storage_vnx_auth_type', undef, undef, undef),
'CinderDellEMCVNXStorageSecurityFileDir' => lookup('cinder::backend::emc_vnx::storage_vnx_security_file_dir', undef, undef, undef),
'CinderDellEMCVNXNaviseccliPath' => lookup('cinder::backend::emc_vnx::naviseccli_path', undef, undef, undef),
}
any2array($backend_name).each |String $backend| {
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
create_resources('cinder::backend::emc_vnx', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderDellEMCVNXAvailabilityZone'],
'san_ip' => $backend_config['CinderDellEMCVNXSanIp'],
'san_login' => $backend_config['CinderDellEMCVNXSanLogin'],
'san_password' => $backend_config['CinderDellEMCVNXSanPassword'],
'storage_protocol' => $backend_config['CinderDellEMCVNXStorageProtocol'],
'storage_vnx_pool_names' => $backend_config['CinderDellEMCVNXStoragePoolNames'],
'default_timeout' => $backend_config['CinderDellEMCVNXDefaultTimeout'],
'max_luns_per_storage_group' => $backend_config['CinderDellEMCVNXMaxLunsPerStorageGroup'],
'initiator_auto_registration' => $backend_config['CinderDellEMCVNXInitiatorAutoRegistration'],
'storage_vnx_auth_type' => $backend_config['CinderDellEMCVNXAuthType'],
'storage_vnx_security_file_dir' => $backend_config['CinderDellEMCVNXStorageSecurityFileDir'],
'naviseccli_path' => $backend_config['CinderDellEMCVNXNaviseccliPath'],
})})
}
}
}


@ -1,76 +0,0 @@
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::dellemc_xtremio
#
# Cinder Volume dellemc_xtremio profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) Name given to the Cinder backend stanza
# Defaults to lookup('cinder::backend::dellemc_xtremio::volume_backend_name', undef, undef, ['tripleo_dellemc_xtremio'])
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to lookup('cinder::backend::dellemc_xtremio::volume_multi_config', undef, undef, {})
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::dellemc_xtremio (
$backend_name = lookup('cinder::backend::dellemc_xtremio::volume_backend_name', undef, undef, ['tripleo_dellemc_xtremio']),
$multi_config = lookup('cinder::backend::dellemc_xtremio::volume_multi_config', undef, undef, {}),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
$backend_defaults = {
'CinderXtremioAvailabilityZone' => lookup('cinder::backend::dellemc_xtremio::backend_availability_zone', undef, undef, undef),
'CinderXtremioSanIp' => lookup('cinder::backend::dellemc_xtremio::san_ip', undef, undef, undef),
'CinderXtremioSanLogin' => lookup('cinder::backend::dellemc_xtremio::san_login', undef, undef, undef),
'CinderXtremioSanPassword' => lookup('cinder::backend::dellemc_xtremio::san_password', undef, undef, undef),
'CinderXtremioStorageProtocol' => lookup('cinder::backend::dellemc_xtremio::xtremio_storage_protocol', undef, undef, undef),
'CinderXtremioClusterName' => lookup('cinder::backend::dellemc_xtremio::xtremio_cluster_name', undef, undef, undef),
'CinderXtremioArrayBusyRetryCount' => lookup('cinder::backend::dellemc_xtremio::xtremio_array_busy_retry_count',
undef, undef, undef),
'CinderXtremioArrayBusyRetryInterval'=> lookup('cinder::backend::dellemc_xtremio::xtremio_array_busy_retry_interval',
undef, undef, undef),
'CinderXtremioVolumesPerGlanceCache' => lookup('cinder::backend::dellemc_xtremio::xtremio_volumes_per_glance_cache',
undef, undef, undef),
'CinderXtremioPorts' => lookup('cinder::backend::dellemc_xtremio::xtremio_ports', undef, undef, undef),
}
any2array($backend_name).each |String $backend| {
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
create_resources('cinder::backend::dellemc_xtremio', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderXtremioAvailabilityZone'],
'san_ip' => $backend_config['CinderXtremioSanIp'],
'san_login' => $backend_config['CinderXtremioSanLogin'],
'san_password' => $backend_config['CinderXtremioSanPassword'],
'xtremio_storage_protocol' => $backend_config['CinderXtremioStorageProtocol'],
'xtremio_cluster_name' => $backend_config['CinderXtremioClusterName'],
'xtremio_array_busy_retry_count' => $backend_config['CinderXtremioArrayBusyRetryCount'],
'xtremio_array_busy_retry_interval' => $backend_config['CinderXtremioArrayBusyRetryInterval'],
'xtremio_volumes_per_glance_cache' => $backend_config['CinderXtremioVolumesPerGlanceCache'],
'xtremio_ports' => $backend_config['CinderXtremioPorts'],
})})
}
}
}


@ -1,60 +0,0 @@
#
# == Class: tripleo::profile::base::cinder::volume::ibm_svf
#
# Cinder Volume IBM Spectrum Virtualize family (Svf) profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) List of names given to the Cinder backend stanza.
# Defaults to lookup('cinder::backend:ibm_svf::volume_backend_name', undef, undef,
# ['tripleo_ibm_svf'])
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to lookup('cinder::backend::ibm_svf::volume_multi_config', undef, undef, {})
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::ibm_svf (
$backend_name = lookup('cinder::backend::ibm_svf::volume_backend_name', undef, undef, ['tripleo_ibm_svf']),
$multi_config = lookup('cinder::backend::ibm_svf::volume_multi_config', undef, undef, {}),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
# NOTE: Svf was earlier called as storwize/svc driver, so the cinder
# configuration parameters were named accordingly.
if $step >= 4 {
$backend_defaults = {
'CinderSvfAvailabilityZone' => lookup('cinder::backend::ibm_svf::backend_availability_zone', undef, undef, undef),
'CinderSvfSanIp' => lookup('cinder::backend::ibm_svf::san_ip', undef, undef, undef),
'CinderSvfSanLogin' => lookup('cinder::backend::ibm_svf::san_login', undef, undef, undef),
'CinderSvfSanPassword' => lookup('cinder::backend::ibm_svf::san_password', undef, undef, undef),
'CinderSvfAllowTenantQos' => lookup('cinder::backend::ibm_svf::storwize_svc_allow_tenant_qos', undef, undef, undef),
'CinderSvfConnectionProtocol' => lookup('cinder::backend::ibm_svf::storwize_svc_connection_protocol', undef, undef, undef),
'CinderSvfIscsiChapEnabled' => lookup('cinder::backend::ibm_svf::storwize_svc_iscsi_chap_enabled', undef, undef, undef),
'CinderSvfRetainAuxVolume' => lookup('cinder::backend::ibm_svf::storwize_svc_retain_aux_volume', undef, undef, undef),
'CinderSvfVolumePoolName' => lookup('cinder::backend::ibm_svf::storwize_svc_volpool_name', undef, undef, undef),
}
any2array($backend_name).each |String $backend| {
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
create_resources('cinder::backend::ibm_svf', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderSvfAvailabilityZone'],
'san_ip' => $backend_config['CinderSvfSanIp'],
'san_login' => $backend_config['CinderSvfSanLogin'],
'san_password' => $backend_config['CinderSvfSanPassword'],
'storwize_svc_allow_tenant_qos' => $backend_config['CinderSvfAllowTenantQos'],
'storwize_svc_connection_protocol' => $backend_config['CinderSvfConnectionProtocol'],
'storwize_svc_iscsi_chap_enabled' => $backend_config['CinderSvfIscsiChapEnabled'],
'storwize_svc_retain_aux_volume' => $backend_config['CinderSvfRetainAuxVolume'],
'storwize_svc_volpool_name' => $backend_config['CinderSvfVolumePoolName'],
})})
}
}
}


@ -1,67 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::iscsi
#
# Cinder Volume iscsi profile for tripleo
#
# === Parameters
#
# [*cinder_iscsi_address*]
# The address where to bind the iscsi targets daemon
#
# [*backend_name*]
# (Optional) Name given to the Cinder backend stanza
# Defaults to lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi')
#
# [*backend_availability_zone*]
# (Optional) Availability zone for this volume backend
# Defaults to lookup('cinder::backend::iscsi::backend_availability_zone', undef, undef, undef)
#
# [*cinder_iscsi_helper*]
# (Optional) The iscsi helper to use
# Defaults to 'tgtadm'
#
# [*cinder_iscsi_protocol*]
# (Optional) The iscsi protocol to use
# Defaults to 'iscsi'
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::iscsi (
$cinder_iscsi_address,
$backend_name = lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi'),
$backend_availability_zone = lookup('cinder::backend::iscsi::backend_availability_zone', undef, undef, undef),
$cinder_iscsi_helper = 'tgtadm',
$cinder_iscsi_protocol = 'iscsi',
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
# NOTE(gfidente): never emit in hieradata:
# key: [ipv6]
# as it will cause hiera parsing errors
create_resources('cinder::backend::iscsi', { $backend_name => delete_undef_values({
'backend_availability_zone' => $backend_availability_zone,
'target_ip_address' => normalize_ip_for_uri($cinder_iscsi_address),
'target_helper' => $cinder_iscsi_helper,
'target_protocol' => $cinder_iscsi_protocol,
})})
}
}


@ -1,89 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::netapp
#
# Cinder Volume netapp profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) List of names given to the Cinder backend stanza.
# Defaults to lookup('cinder::backend::netapp::volume_backend_name', undef, undef, ['tripleo_netapp'])
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to lookup('cinder::backend::netapp::volume_multi_config', undef, undef, {})
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::netapp (
$backend_name = lookup('cinder::backend::netapp::volume_backend_name', undef, undef, ['tripleo_netapp']),
$multi_config = lookup('cinder::backend::netapp::volume_multi_config', undef, undef, {}),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
$backend_defaults = {
'CinderNetappAvailabilityZone' => lookup('cinder::backend::netapp::backend_availability_zone', undef, undef, undef),
'CinderNetappLogin' => lookup('cinder::backend::netapp::netapp_login', undef, undef, undef),
'CinderNetappPassword' => lookup('cinder::backend::netapp::netapp_password', undef, undef, undef),
'CinderNetappServerHostname' => lookup('cinder::backend::netapp::netapp_server_hostname', undef, undef, undef),
'CinderNetappServerPort' => lookup('cinder::backend::netapp::netapp_server_port', undef, undef, undef),
'CinderNetappSizeMultiplier' => lookup('cinder::backend::netapp::netapp_size_multiplier', undef, undef, undef),
'CinderNetappStorageFamily' => lookup('cinder::backend::netapp::netapp_storage_family', undef, undef, undef),
'CinderNetappStorageProtocol' => lookup('cinder::backend::netapp::netapp_storage_protocol', undef, undef, undef),
'CinderNetappTransportType' => lookup('cinder::backend::netapp::netapp_transport_type', undef, undef, undef),
'CinderNetappVserver' => lookup('cinder::backend::netapp::netapp_vserver', undef, undef, undef),
'CinderNetappNfsShares' => lookup('cinder::backend::netapp::nfs_shares', undef, undef, undef),
'CinderNetappNfsSharesConfig' => lookup('cinder::backend::netapp::nfs_shares_config', undef, undef, undef),
'CinderNetappNfsMountOptions' => lookup('cinder::backend::netapp::nfs_mount_options', undef, undef, undef),
'CinderNetappCopyOffloadToolPath' => lookup('cinder::backend::netapp::netapp_copyoffload_tool_path', undef, undef, undef),
'CinderNetappHostType' => lookup('cinder::backend::netapp::netapp_host_type', undef, undef, undef),
'CinderNetappNasSecureFileOperations' => lookup('cinder::backend::netapp::nas_secure_file_operations', undef, undef, undef),
'CinderNetappNasSecureFilePermissions' => lookup('cinder::backend::netapp::nas_secure_file_permissions', undef, undef, undef),
'CinderNetappPoolNameSearchPattern' => lookup('cinder::backend::netapp::netapp_pool_name_search_pattern', undef, undef, undef),
}
any2array($backend_name).each |String $backend| {
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
create_resources('cinder::backend::netapp', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderNetappAvailabilityZone'],
'netapp_login' => $backend_config['CinderNetappLogin'],
'netapp_password' => $backend_config['CinderNetappPassword'],
'netapp_server_hostname' => $backend_config['CinderNetappServerHostname'],
'netapp_server_port' => $backend_config['CinderNetappServerPort'],
'netapp_size_multiplier' => $backend_config['CinderNetappSizeMultiplier'],
'netapp_storage_family' => $backend_config['CinderNetappStorageFamily'],
'netapp_storage_protocol' => $backend_config['CinderNetappStorageProtocol'],
'netapp_transport_type' => $backend_config['CinderNetappTransportType'],
'netapp_vserver' => $backend_config['CinderNetappVserver'],
'nfs_shares' => any2array($backend_config['CinderNetappNfsShares']),
'nfs_shares_config' => $backend_config['CinderNetappNfsSharesConfig'],
'nfs_mount_options' => $backend_config['CinderNetappNfsMountOptions'],
'netapp_copyoffload_tool_path' => $backend_config['CinderNetappCopyOffloadToolPath'],
'netapp_host_type' => $backend_config['CinderNetappHostType'],
'nas_secure_file_operations' => $backend_config['CinderNetappNasSecureFileOperations'],
'nas_secure_file_permissions' => $backend_config['CinderNetappNasSecureFilePermissions'],
'netapp_pool_name_search_pattern' => $backend_config['CinderNetappPoolNameSearchPattern'],
})})
}
}
}


@ -1,116 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::nfs
#
# Cinder Volume nfs profile for tripleo
#
# === Parameters
#
# [*cinder_nfs_servers*]
# List of NFS shares to mount
#
# [*backend_name*]
# (Optional) List of names given to the Cinder backend stanza.
# Defaults to lookup('cinder::backend::nfs::volume_backend_name', undef, undef, ['tripleo_nfs'])
#
# [*backend_availability_zone*]
# (Optional) Availability zone for this volume backend
# Defaults to lookup('cinder::backend::nfs::backend_availability_zone', undef, undef, undef)
#
# [*cinder_nfs_mount_options*]
# (Optional) List of mount options for the NFS share
# Defaults to ''
#
# [*cinder_nfs_shares_config*]
# (Optional) NFS shares configuration file
# Defaults to '/etc/cinder/shares-nfs.conf'
#
# [*cinder_nfs_snapshot_support*]
# (Optional) Whether to enable support for snapshots in the NFS driver.
# Defaults to $::os_service_default
#
# [*cinder_nas_secure_file_operations*]
# (Optional) Allow network-attached storage systems to operate in a secure
# environment where root level access is not permitted. If set to False,
# access is as the root user and insecure. If set to True, access is not as
# root. If set to auto, a check is done to determine if this is a new
# installation: True is used if so, otherwise False. Default is auto.
# Defaults to $::os_service_default
#
# [*cinder_nas_secure_file_permissions*]
# (Optional) Set more secure file permissions on network-attached storage
# volume files to restrict broad other/world access. If set to False,
# volumes are created with open permissions. If set to True, volumes are
# created with permissions for the cinder user and group (660). If set to
# auto, a check is done to determine if this is a new installation: True is
# used if so, otherwise False. Default is auto.
# Defaults to $::os_service_default
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to {}
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::nfs (
$cinder_nfs_servers,
$backend_name = lookup('cinder::backend::nfs::volume_backend_name', undef, undef, ['tripleo_nfs']),
$backend_availability_zone = lookup('cinder::backend::nfs::backend_availability_zone', undef, undef, undef),
$cinder_nfs_mount_options = '',
$cinder_nfs_shares_config = '/etc/cinder/shares-nfs.conf',
$cinder_nfs_snapshot_support = $::os_service_default,
$cinder_nas_secure_file_operations = $::os_service_default,
$cinder_nas_secure_file_permissions = $::os_service_default,
$multi_config = {},
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
package {'nfs-utils': }
$backend_defaults = {
'CinderNfsAvailabilityZone' => $backend_availability_zone,
'CinderNfsServers' => $cinder_nfs_servers,
'CinderNfsMountOptions' => $cinder_nfs_mount_options,
'CinderNfsSharesConfig' => $cinder_nfs_shares_config,
'CinderNfsSnapshotSupport' => $cinder_nfs_snapshot_support,
'CinderNasSecureFileOperations' => $cinder_nas_secure_file_operations,
'CinderNasSecureFilePermissions' => $cinder_nas_secure_file_permissions,
}
any2array($backend_name).each |String $backend| {
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
create_resources('cinder::backend::nfs', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderNfsAvailabilityZone'],
'nfs_servers' => $backend_config['CinderNfsServers'],
'nfs_mount_options' => $backend_config['CinderNfsMountOptions'],
'nfs_shares_config' => $backend_config['CinderNfsSharesConfig'],
'nfs_snapshot_support' => $backend_config['CinderNfsSnapshotSupport'],
'nas_secure_file_operations' => $backend_config['CinderNasSecureFileOperations'],
'nas_secure_file_permissions' => $backend_config['CinderNasSecureFilePermissions'],
})})
Package['nfs-utils'] -> Cinder::Backend::Nfs[$backend]
}
if str2bool($::selinux) {
selboolean { 'virt_use_nfs':
value => on,
persistent => true,
require => Package['nfs-utils'],
}
}
}
}


@ -1,80 +0,0 @@
#
# == Class: tripleo::profile::base::cinder::volume::nvmeof
#
# NVMeOF Cinder Volume profile for tripleo
#
# === Parameters
#
# [*target_ip_address*]
# (Required) The IP address of NVMe target
#
# [*target_port*]
# (Required) Port that NVMe target is listening on
#
# [*target_helper*]
# (Required) Target user-land tool to use
#
# [*target_protocol*]
# (Required) Target protocol to use
#
# [*target_prefix*]
# (Optional) Prefix for LVM volumes
# Defaults to 'nvme-subsystem'
#
# [*nvmet_port_id*]
# (Optional) Port id of the NVMe target
# Defaults to '1'
#
# [*nvmet_ns_id*]
# (Optional) The namespace id associated with the subsystem
# Defaults to '10'
#
# [*volume_backend_name*]
# (Optional) Name given to the Cinder backend
# Defaults to lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof')
#
# [*backend_availability_zone*]
# (Optional) Availability zone for this volume backend
# Defaults to lookup('cinder::backend::nvmeof::backend_availability_zone', undef, undef, undef)
#
# [*volume_driver*]
# (Optional) Driver to use for volume creation
# Defaults to 'cinder.volume.drivers.lvm.LVMVolumeDriver'
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::nvmeof (
$target_ip_address,
$target_port,
$target_helper,
$target_protocol,
$target_prefix = 'nvme-subsystem',
$nvmet_port_id = '1',
$nvmet_ns_id = '10',
$volume_backend_name = lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof'),
$backend_availability_zone = lookup('cinder::backend::nvmeof::backend_availability_zone', undef, undef, undef),
$volume_driver = 'cinder.volume.drivers.lvm.LVMVolumeDriver',
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
create_resources('cinder::backend::nvmeof', { $volume_backend_name => delete_undef_values({
'target_ip_address' => normalize_ip_for_uri($target_ip_address),
'target_port' => $target_port,
'target_helper' => $target_helper,
'target_protocol' => $target_protocol,
'target_prefix' => $target_prefix,
'nvmet_port_id' => $nvmet_port_id,
'nvmet_ns_id' => $nvmet_ns_id,
'volume_backend_name' => $volume_backend_name,
'backend_availability_zone' => $backend_availability_zone,
'volume_driver' => $volume_driver,
})})
}
}


@ -1,80 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::pure
#
# Cinder Volume pure profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) List of names given to the Cinder backend stanza.
# Defaults to lookup('cinder::backend::pure::volume_backend_name', undef, undef, ['tripleo_pure'])
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to lookup('cinder::backend::pure::volume_multi_config', undef, undef, {})
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::pure (
$backend_name = lookup('cinder::backend::pure::volume_backend_name', undef, undef, ['tripleo_pure']),
$multi_config = lookup('cinder::backend::pure::volume_multi_config', undef, undef, {}),
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
$backend_defaults = {
'CinderPureAvailabilityZone' => lookup('cinder::backend::pure::backend_availability_zone', undef, undef, undef),
'CinderPureSanIp' => lookup('cinder::backend::pure::san_ip', undef, undef, undef),
'CinderPureAPIToken' => lookup('cinder::backend::pure::pure_api_token', undef, undef, undef),
'CinderPureStorageProtocol' => lookup('cinder::backend::pure::pure_storage_protocol', undef, undef, undef),
'CinderPureUseChap' => lookup('cinder::backend::pure::use_chap_auth', undef, undef, undef),
'CinderPureMultipathXfer' => lookup('cinder::backend::pure::use_multipath_for_image_xfer', undef, undef, undef),
'CinderPureImageCache' => lookup('cinder::backend::pure::image_volume_cache_enabled', undef, undef, undef),
'CinderPureIscsiCidr' => lookup('cinder::backend::pure::pure_iscsi_cidr', undef, undef, undef),
'CinderPureIscsiCidrList' => lookup('cinder::backend::pure::pure_iscsi_cidr_list', undef, undef, undef),
'CinderPureHostPersonality' => lookup('cinder::backend::pure::pure_host_personality', undef, undef, undef),
'CinderPureEradicateOnDelete' => lookup('cinder::backend::pure::pure_eradicate_on_delete', undef, undef, undef),
'CinderPureNvmeTransport' => lookup('cinder::backend::pure::pure_nvme_transport', undef, undef, undef),
'CinderPureNvmeCidr' => lookup('cinder::backend::pure::pure_nvme_cidr', undef, undef, undef),
'CinderPureNvmeCidrList' => lookup('cinder::backend::pure::pure_nvme_cidr_list', undef, undef, undef),
}
$backend_name.each |String $backend| {
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
create_resources('cinder::backend::pure', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderPureAvailabilityZone'],
'san_ip' => $backend_config['CinderPureSanIp'],
'pure_api_token' => $backend_config['CinderPureAPIToken'],
'pure_storage_protocol' => $backend_config['CinderPureStorageProtocol'],
'use_chap_auth' => $backend_config['CinderPureUseChap'],
'use_multipath_for_image_xfer' => $backend_config['CinderPureMultipathXfer'],
'image_volume_cache_enabled' => $backend_config['CinderPureImageCache'],
'pure_iscsi_cidr' => $backend_config['CinderPureIscsiCidr'],
'pure_iscsi_cidr_list' => $backend_config['CinderPureIscsiCidrList'],
'pure_host_personality' => $backend_config['CinderPureHostPersonality'],
'pure_eradicate_on_delete' => $backend_config['CinderPureEradicateOnDelete'],
'pure_nvme_transport' => $backend_config['CinderPureNvmeTransport'],
'pure_nvme_cidr' => $backend_config['CinderPureNvmeCidr'],
'pure_nvme_cidr_list' => $backend_config['CinderPureNvmeCidrList'],
})})
}
}
}


@ -1,147 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::cinder::volume::rbd
#
# Cinder Volume rbd profile for tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) List of names given to the Cinder backend stanza.
# Defaults to lookup('cinder::backend::rbd::volume_backend_name', undef, undef, ['tripleo_ceph'])
#
# [*backend_availability_zone*]
# (Optional) Availability zone for this volume backend
# Defaults to lookup('cinder::backend::rbd::backend_availability_zone', undef, undef, undef)
#
# [*cinder_rbd_backend_host*]
# (Optional) String to use as backend_host in the backend stanza
# Defaults to lookup('cinder::backend_host', undef, undef, lookup('cinder::host', undef, undef, $::hostname))
#
# [*cinder_rbd_ceph_conf*]
# (Optional) The path to the Ceph cluster config file
# Defaults to '/etc/ceph/ceph.conf'
#
# [*cinder_rbd_pool_name*]
# (Optional) The name of the RBD pool to use
# Defaults to 'volumes'
#
# [*cinder_rbd_extra_pools*]
# (Optional) List of additional pools to use for Cinder. A separate RBD
# backend is created for each additional pool.
# Defaults to undef
#
# [*cinder_rbd_secret_uuid*]
# (Optional) UUID of the of the libvirt secret storing the Cephx key
# Defaults to undef
#
# [*cinder_rbd_user_name*]
# (Optional) The user name for the RBD client
# Defaults to 'openstack'
#
# [*cinder_rbd_flatten_volume_from_snapshot*]
# (Optional) Whether volumes created from a snapshot should be flattened
# in order to remove a dependency on the snapshot.
# Defaults to lookup('cinder::backend::rbd::flatten_volume_from_snapshot, undef, undef, undef)
#
# [*multi_config*]
# (Optional) A config hash when multiple backends are used.
# Defaults to {}
#
# [*extra_options*]
# (optional) Hash of extra options to configure for the RBD backends.
# Example: { 'tripleo_ceph/param1' => { 'value' => value1 } }
# Defaults to: {}
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::cinder::volume::rbd (
$backend_name = lookup('cinder::backend::rbd::volume_backend_name', undef, undef, ['tripleo_ceph']),
$backend_availability_zone = lookup('cinder::backend::rbd::backend_availability_zone', undef, undef, undef),
# lint:ignore:parameter_documentation
$cinder_rbd_backend_host = lookup('cinder::backend_host', undef, undef, lookup('cinder::host',
undef, undef, $::hostname)),
# lint:endignore
$cinder_rbd_ceph_conf = lookup('cinder::backend::rbd::rbd_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'),
$cinder_rbd_pool_name = 'volumes',
$cinder_rbd_extra_pools = undef,
$cinder_rbd_secret_uuid = undef,
$cinder_rbd_user_name = 'openstack',
$cinder_rbd_flatten_volume_from_snapshot = lookup('cinder::backend::rbd::flatten_volume_from_snapshot', undef, undef, undef),
$multi_config = {},
$extra_options = {},
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::cinder::volume
if $step >= 4 {
$backend_defaults = {
'CephClusterFSID' => $cinder_rbd_secret_uuid,
'CephClientUserName' => $cinder_rbd_user_name,
'CinderRbdAvailabilityZone' => $backend_availability_zone,
'CinderRbdPoolName' => $cinder_rbd_pool_name,
'CinderRbdExtraPools' => $cinder_rbd_extra_pools,
'CinderRbdFlattenVolumeFromSnapshot' => $cinder_rbd_flatten_volume_from_snapshot,
}
$backends_array = any2array($backend_name)
$backends_array.each |String $backend| {
$backend_multi_config = pick($multi_config[$backend], {})
$multi_config_cluster = $backend_multi_config['CephClusterName']
if $multi_config_cluster {
$backend_ceph_conf = "/etc/ceph/${multi_config_cluster}.conf"
} else {
$backend_ceph_conf = $cinder_rbd_ceph_conf
}
# Ensure extra_options are only applied once.
if $backend == $backends_array[0] {
$extra_options_real = $extra_options
} else {
$extra_options_real = undef
}
$backend_config = merge($backend_defaults, $backend_multi_config)
create_resources('cinder::backend::rbd', { $backend => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderRbdAvailabilityZone'],
'backend_host' => $cinder_rbd_backend_host,
'rbd_ceph_conf' => $backend_ceph_conf,
'rbd_pool' => $backend_config['CinderRbdPoolName'],
'rbd_user' => $backend_config['CephClientUserName'],
'rbd_secret_uuid' => $backend_config['CephClusterFSID'],
'rbd_flatten_volume_from_snapshot' => $backend_config['CinderRbdFlattenVolumeFromSnapshot'],
'extra_options' => $extra_options_real,
})})
any2array($backend_config['CinderRbdExtraPools']).each |String $pool_name| {
create_resources('cinder::backend::rbd', { "${backend}_${pool_name}" => delete_undef_values({
'backend_availability_zone' => $backend_config['CinderRbdAvailabilityZone'],
'backend_host' => $cinder_rbd_backend_host,
'rbd_ceph_conf' => $backend_ceph_conf,
'rbd_pool' => $pool_name,
'rbd_user' => $backend_config['CephClientUserName'],
'rbd_secret_uuid' => $backend_config['CephClusterFSID'],
'rbd_flatten_volume_from_snapshot' => $backend_config['CinderRbdFlattenVolumeFromSnapshot'],
})})
}
}
}
}


@ -1,279 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::database::mysql
#
# MySQL profile for tripleo
#
# === Parameters
#
# [*bind_address*]
# (Optional) The address that the local mysql instance should bind to.
# Defaults to $::hostname
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to lookup('mysql_short_bootstrap_node_name', undef, undef, undef)
#
# [*certificate_specs*]
# (Optional) The specifications to give to certmonger for the certificate
# it will create. Note that the certificate nickname must be 'mysql' in
# the case of this service.
# Example with hiera:
# tripleo::profile::base::database::mysql::certificate_specs:
# hostname: <overcloud controller fqdn>
# service_certificate: <service certificate path>
# service_key: <service key path>
# principal: "mysql/<overcloud controller fqdn>"
# Defaults to {}.
#
# [*cipher_list*]
# (Optional) When enable_internal_tls is true, defines the list of allowed
# ciphers for the mysql server.
# Defaults to '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!SSLv3:!TLSv1'
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*innodb_buffer_pool_size*]
# (Optional) Configure the size of the MySQL buffer pool.
# Defaults to lookup('innodb_buffer_pool_size', undef, undef, undef)
#
# [*innodb_log_file_size*]
# (Optional) Configure the size in bytes of each log file in a log group.
# Defaults to undef.
#
# [*innodb_flush_method*]
# (Optional) Defines the method used to flush data to InnoDB data files and log files.
# Defaults to undef.
#
# [*innodb_lock_wait_timeout*]
# (Option) Time in seconds that an InnoDB transaction waits for an InnoDB row lock (not table lock).
# When this occurs, the statement (not transaction) is rolled back.
# Defaults to undef.
#
# [*innodb_strict_mode*]
# (Optional) InnoDB strict mode enforcement. When set to 'ON', InnoDB
# performs validity checks on DDL statements such as table creation,
# or table row size. When set to 'OFF', the same checks only return
# warnings rather than error.
# Defaults to lookup('innodb_strict_mode', undef, undef, 'OFF')
#
# [*table_open_cache*]
# (Optional) Configure the number of open tables for all threads.
# Increasing this value increases the number of file descriptors that mysqld requires.
# Defaults to undef.
#
# [*manage_resources*]
# (Optional) Whether or not manage root user, root my.cnf, and service.
# Defaults to true
#
# [*mysql_server_options*]
# (Optional) Extras options to deploy MySQL. Useful when deploying Galera cluster.
# Should be an hash.
# Defaults to {}
#
# [*mysql_max_connections*]
# (Optional) Maximum number of connections to MySQL.
# Defaults to lookup('mysql_max_connections', undef, undef, undef)
#
# [*mysql_auth_ed25519*]
# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate
# a user when connecting to the server
# Defaults to lookup('mysql_auth_ed25519', undef, undef, false)
#
# [*remove_default_accounts*]
# (Optional) Whether or not remove default MySQL accounts.
# Defaults to true
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
#
class tripleo::profile::base::database::mysql (
$bind_address = $::hostname,
$bootstrap_node = lookup('mysql_short_bootstrap_node_name', undef, undef, undef),
$certificate_specs = {},
$cipher_list = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!SSLv3:!TLSv1',
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$innodb_buffer_pool_size = lookup('innodb_buffer_pool_size', undef, undef, undef),
$innodb_log_file_size = undef,
$innodb_lock_wait_timeout = lookup('innodb_lock_wait_timeout', undef, undef, undef),
$innodb_strict_mode = lookup('innodb_strict_mode', undef, undef, 'OFF'),
$table_open_cache = undef,
$innodb_flush_method = undef,
$manage_resources = true,
$mysql_server_options = {},
$mysql_max_connections = lookup('mysql_max_connections', undef, undef, undef),
$mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false),
$remove_default_accounts = true,
$step = Integer(lookup('step')),
) {
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
$sync_db = false
}
validate_legacy(Hash, 'validate_hash', $mysql_server_options)
validate_legacy(Hash, 'validate_hash', $certificate_specs)
if $enable_internal_tls {
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
$tls_cipher_list = $cipher_list
# Force users/grants created to use TLS connections
Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }
} else {
$tls_certfile = undef
$tls_keyfile = undef
$tls_cipher_list = undef
}
# non-ha scenario
if $manage_resources {
$mysql_step = 2
} else {
# ha scenario
$mysql_step = 1
}
if $step >= $mysql_step {
if str2bool(lookup('enable_galera', undef, undef, true)) {
$mysql_config_file = '/etc/my.cnf.d/galera.cnf'
} else {
$mysql_config_file = '/etc/my.cnf.d/server.cnf'
}
# TODO Galera
# FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we
# set bind-address to a hostname instead of an ip address; to move Mysql
# from internal_api on another network we'll have to customize both
# MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
$mysql_server_default = {
'mysqld' => {
'bind-address' => $bind_address,
'max_connections' => $mysql_max_connections,
'open_files_limit' => '65536',
'innodb_buffer_pool_size' => $innodb_buffer_pool_size,
'innodb_file_per_table' => 'ON',
'innodb_log_file_size' => $innodb_log_file_size,
'innodb_lock_wait_timeout' => $innodb_lock_wait_timeout,
'innodb_strict_mode' => $innodb_strict_mode,
'log_warnings' => '1',
'table_open_cache' => $table_open_cache,
'innodb_flush_method' => $innodb_flush_method,
'query_cache_size' => '0',
'query_cache_type' => '0',
'ssl' => $enable_internal_tls,
'ssl-key' => $tls_keyfile,
'ssl-cert' => $tls_certfile,
'ssl-cipher' => $tls_cipher_list,
'ssl-ca' => undef,
'plugin_load_add' => 'auth_ed25519',
}
}
$mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options)
class { 'mysql::server':
config_file => $mysql_config_file,
override_options => $mysql_server_options_real,
create_root_user => $manage_resources,
create_root_my_cnf => $manage_resources,
service_manage => $manage_resources,
service_enabled => $manage_resources,
remove_default_accounts => $remove_default_accounts,
}
}
$service_names = lookup('enabled_services', undef, undef, undef)
if $service_names {
tripleo::profile::base::database::mysql::users { $service_names: }
}
if $step >= 2 and $sync_db {
Class['mysql::server'] -> Mysql_database<||>
if ($manage_resources) {
# the mysql module handles password for user 'root@localhost', but it
# doesn't modify 'root@%'. So make sure this user password is managed
# as well by creating a resource appropriately.
mysql_user { 'root@%':
ensure => present,
password_hash => mysql::password(lookup('mysql::server::root_password')),
}
}
if ($mysql_auth_ed25519) {
['root@localhost', 'root@%'].each |$user| {
Mysql_user<| title == $user |> {
plugin => 'ed25519',
password_hash => mysql_ed25519_password(lookup('mysql::server::root_password'))
}
}
}
# Note: use 'include_and_check_auth' below rather than 'include'
# to support ed25519 authentication
if lookup('aodh_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'aodh::db::mysql':}
}
if lookup('cinder_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'cinder::db::mysql':}
}
if lookup('barbican_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'barbican::db::mysql':}
}
if lookup('designate_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'designate::db::mysql':}
}
if lookup('glance_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'glance::db::mysql':}
}
if lookup('gnocchi_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'gnocchi::db::mysql':}
}
if lookup('heat_engine_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'heat::db::mysql':}
}
if lookup('ironic_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'ironic::db::mysql':}
}
if lookup('ironic_inspector_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'ironic::inspector::db::mysql':}
}
if lookup('keystone_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'keystone::db::mysql':}
}
if lookup('manila_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'manila::db::mysql':}
}
if lookup('neutron_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'neutron::db::mysql':}
}
if lookup('nova_conductor_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'nova::db::mysql':}
}
if lookup('nova_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'nova::db::mysql_api':}
}
if lookup('placement_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'placement::db::mysql':}
}
if lookup('octavia_api_enabled', undef, undef, false) {
tripleo::profile::base::database::mysql::include_and_check_auth{'octavia::db::mysql':}
}
}
}


@ -1,104 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::haproxy
#
# Loadbalancer profile for tripleo
#
# === Parameters
#
# [*enable_ssl*]
# (Optional) Whether SSL should be used for the connection to the server or
# not.
# Defaults to false
#
# [*mysql_read_default_file*]
# (Optional) Name of the file that will be passed to pymysql connection strings
# Defaults to '/etc/my.cnf.d/tripleo.cnf'
#
# [*mysql_read_default_group*]
# (Optional) Name of the ini section to be passed to pymysql connection strings
# Defaults to 'tripleo'
#
# [*mysql_client_bind_address*]
# (Optional) Client IP address of the host that will be written in the mysql_read_default_file
# Defaults to undef
#
# [*ssl_ca*]
# (Optional) The SSL CA file to use to verify the MySQL server's certificate.
# Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::database::mysql::client (
$enable_ssl = false,
$mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf',
$mysql_read_default_group = 'tripleo',
$mysql_client_bind_address = undef,
$ssl_ca = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt',
$step = Integer(lookup('step')),
) {
if $step >= 1 {
if $mysql_client_bind_address =~ Stdlib::Compat::Ip_address {
$client_bind_changes = [
"set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'"
]
} else {
$client_bind_changes = [
"rm ${mysql_read_default_group}/bind-address"
]
}
if $enable_ssl {
$changes_ssl = [
"set ${mysql_read_default_group}/ssl '1'",
"set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'",
'set client/ssl \'1\'',
"set client/ssl-ca '${ssl_ca}'"
]
} else {
$changes_ssl = [
"rm ${mysql_read_default_group}/ssl",
"rm ${mysql_read_default_group}/ssl-ca",
'rm client/ssl',
'rm client/ssl-ca'
]
}
$conf_changes = union($client_bind_changes, $changes_ssl)
# When generating configuration with docker-puppet, services do
# not include any profile that would ensure creation of /etc/my.cnf.d,
# so we enforce the check here.
file {'/etc/my.cnf.d':
ensure => 'directory'
}
file { $mysql_read_default_file:
ensure => file,
}
augeas { 'tripleo-mysql-client-conf':
incl => $mysql_read_default_file,
lens => 'Puppet.lns',
changes => $conf_changes,
require => File[$mysql_read_default_file],
}
# If a profile created a file resource for the parent directory,
# ensure it is being run before the config file generation
File<| title == '/etc/my.cnf.d' |> -> Augeas['tripleo-mysql-client-conf']
}
}


@ -1,49 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: include_and_check_auth
#
# Include an OpenStack MySQL profile and configures it for alternative
# client authentication like e.g. ed25519
#
# === Parameters
#
# [*module*]
# (Optional) The puppet module to include
# Defaults to $title
#
# [*mysql_auth_ed25519*]
# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate
# a user when connecting to the server
# Defaults to lookup('mysql_auth_ed25519', undef, undef, false)
#
define tripleo::profile::base::database::mysql::include_and_check_auth(
$module = $title,
$mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false),
) {
include $module
if ($mysql_auth_ed25519) {
# currently all openstack puppet modules create MySQL users
# by hashing their password for the default auth method.
# If ed25519 auth is enabled, we must hash the password
# differently; so do it with a collector until all
# openstack modules support ed25519 auth natively.
$stripped_module_name = regsubst($module,'^::','')
$password_key = "${stripped_module_name}::password"
Openstacklib::Db::Mysql<| tag == $stripped_module_name |> {
plugin => 'ed25519',
password_hash => mysql_ed25519_password(lookup($password_key))
}
}
}


@ -1,62 +0,0 @@
# The tripleo::profile::base::database::mysql::user resource implements
# a generic resource to create databases, users and grants in MySQL
#
# == parameters
#
# [*password*]
# (Required) Password to connect to the database.
#
# [*dbname*]
# (Required) Name of the database.
#
# [*user*]
# (Required) User to connect to the database.
#
# [*host*]
# (Optional) The default source host user is allowed to connect from.
# Defaults to '127.0.0.1'
#
# [*allowed_hosts*]
# (Optional) Other hosts the user is allowed to connect from.
# Defaults to 'undef'.
#
# [*charset*]
# (Optional) The database charset.
# Defaults to 'utf8'
#
# [*collate*]
# (Optional) The database collate.
# Only used with mysql modules >= 2.2.
# Defaults to 'utf8_general_ci'
#
# == Dependencies
# Class['mysql::server']
#
# == Examples
#
# == Authors
#
# == Copyright
#
define tripleo::profile::base::database::mysql::user (
$password,
$dbname,
$user,
$host = '127.0.0.1',
$charset = 'utf8',
$collate = 'utf8_general_ci',
$allowed_hosts = undef
) {
validate_legacy(String, 'validate_string', $password)
::openstacklib::db::mysql { $title :
user => $user,
password => $password,
dbname => $dbname,
host => $host,
charset => $charset,
collate => $collate,
allowed_hosts => $allowed_hosts,
}
}


@ -1,37 +0,0 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Define: tripleo::haproxy::service_endpoints
#
# Define used to create haproxyendpoints for composable services.
#
# === Parameters:
#
# [*service_name*]
# (optional) The service_name to create the myql resources for.
# Defaults to $title
#
define tripleo::profile::base::database::mysql::users ($service_name = $title) {
$underscore_name = regsubst($service_name, '-', '_', 'G')
# This allows each composable service to load its own custom rules by
# creating its own flat hiera key named:
# tripleo::<service name with underscores>::mysql_user
$mysql_users = lookup("tripleo::${underscore_name}::mysql_user", undef, undef, undef)
if $mysql_users {
ensure_resource('tripleo::profile::base::database::mysql::user', $service_name, $mysql_users)
}
}


@ -1,119 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::database::redis
#
# Redis profile for tripleo
#
# === Parameters
#
# [*certificate_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
# Example with hiera:
# redis_certificate_specs:
# hostname: <overcloud controller fqdn>
# service_certificate: <service certificate path>
# service_key: <service key path>
# principal: "haproxy/<overcloud controller fqdn>"
# Defaults to lookup('redis_certificate_specs', undef, undef, {}).
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*redis_network*]
# (Optional) The network name where the redis endpoint is listening on.
# This is set by t-h-t.
# Defaults to lookup('redis_network', undef, undef, undef)
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*pacemaker_managed*]
# (Optional) Whether the redis service is managed by Pacemaker
# Defaults to false
#
# [*tls_tunnel_local_name*]
# (Optional) When TLS proxy is in use, name of the localhost to forward
# unencryption Redis traffic to.
# This is set by t-h-t.
# Defaults to 'localhost'
#
# [*tls_proxy_bind_ip*]
# IP on which the TLS proxy will listen on. Required only if
# enable_internal_tls is set.
# Defaults to undef
#
# [*tls_proxy_fqdn*]
# fqdn on which the tls proxy will listen on. required only used if
# enable_internal_tls is set.
# defaults to undef
#
# [*tls_proxy_port*]
# port on which the tls proxy will listen on. Only used if
# enable_internal_tls is set.
# defaults to 6379
#
class tripleo::profile::base::database::redis (
$certificate_specs = lookup('redis_certificate_specs', undef, undef, {}),
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$redis_network = lookup('redis_network', undef, undef, undef),
$step = Integer(lookup('step')),
$pacemaker_managed = false,
$tls_tunnel_local_name = 'localhost',
$tls_proxy_bind_ip = undef,
$tls_proxy_fqdn = undef,
$tls_proxy_port = 6379,
) {
# When Redis is managed by pacemaker then the configuration is generated
# before cluster is being set up.
if $pacemaker_managed {
$redis_step = 1
} else {
$redis_step = 2
}
if $step >= $redis_step {
if $enable_internal_tls {
if !$redis_network {
fail('redis_network is not set in the hieradata.')
}
if !$tls_proxy_bind_ip {
fail('tls_proxy_bind_ip is not set in the hieradata.')
}
if !$tls_proxy_fqdn {
fail('tls_proxy_fqdn is required if internal TLS is enabled.')
}
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
include tripleo::stunnel
tripleo::stunnel::service_proxy { 'redis':
accept_host => $tls_proxy_bind_ip,
accept_port => $tls_proxy_port,
connect_host => $tls_tunnel_local_name,
connect_port => $tls_proxy_port,
certificate => $tls_certfile,
key => $tls_keyfile,
notify => Class['redis'],
}
}
include redis
}
}


@ -1,139 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::designate
#
# Designate server profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step of the deployment
# Defaults to Integer(lookup('step'))
#
# [*oslomsg_rpc_proto*]
# Protocol driver for the oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_rpc_hosts*]
# list of the oslo messaging rpc host fqdns
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
#
# [*oslomsg_rpc_port*]
# IP port for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
#
# [*oslomsg_rpc_username*]
# Username for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
#
# [*oslomsg_rpc_password*]
# Password for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_password')
#
# [*oslomsg_rpc_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
#
# [*oslomsg_notify_proto*]
# Protocol driver for the oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_notify_hosts*]
# list of the oslo messaging notify host fqdns
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
#
# [*oslomsg_notify_port*]
# IP port for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
#
# [*oslomsg_notify_username*]
# Username for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
#
# [*oslomsg_notify_password*]
# Password for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_password')
#
# [*oslomsg_notify_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
#
# [* DEPRECATED PARAMETERS *]
#
# [*rndc_host*]
# The address on which rndc should listen
# Defaults to undef
#
# [*rndc_port*]
# The port on which rndc should listen
# Defaults undef
#
# [*rndc_keys*]
# A list of keys that rndc should accept
# Defaults to undef
#
# [*rndc_allowed_addresses*]
# A list of addresses that are allowed to send rndc commands
# Defaults to undef
#
class tripleo::profile::base::designate (
$step = Integer(lookup('step')),
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
# DEPRECATED PARAMETERS
$rndc_host = undef,
$rndc_port = undef,
$rndc_keys = undef,
$rndc_allowed_addresses = undef,
) {
if $step >= 3 {
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
class { 'designate' :
default_transport_url => os_transport_url({
'transport' => $oslomsg_rpc_proto,
'hosts' => $oslomsg_rpc_hosts,
'port' => $oslomsg_rpc_port,
'username' => $oslomsg_rpc_username,
'password' => $oslomsg_rpc_password,
'ssl' => $oslomsg_rpc_use_ssl_real,
}),
notification_transport_url => os_transport_url({
'transport' => $oslomsg_notify_proto,
'hosts' => $oslomsg_notify_hosts,
'port' => $oslomsg_notify_port,
'username' => $oslomsg_notify_username,
'password' => $oslomsg_notify_password,
'ssl' => $oslomsg_notify_use_ssl_real,
}),
}
if ($rndc_host or $rndc_allowed_addresses or $rndc_keys or $rndc_allowed_addresses) {
warning('rndc/named configuration through puppet is no longer supported.')
}
include designate::config
include designate::logging
include designate::network_api::neutron
}
}


@ -1,105 +0,0 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::designate::api
#
# Designate API server profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
# Example with hiera:
# apache_certificates_specs:
# httpd-internal_api:
# hostname: <overcloud controller fqdn>
# service_certificate: <service certificate path>
# service_key: <service key path>
# principal: "haproxy/<overcloud controller fqdn>"
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*designate_network*]
# (Optional) The network name where the designate endpoint is listening on.
# This is set by t-h-t.
# Defaults to lookup('designate_api_network', undef, undef, undef)
#
# DEPRECATED PARAMETERS
#
# [*listen_ip*]
# (Optional) The IP on which the API should listen. (now set by hiera via
# designate::wsgi::apache)
# Defaults to undef
#
# [*listen_port*]
# (Optional) The port on which the API should listen. (no longer needed,
# listen port gets default value from designate::wsgi::apache)
# Defaults to undef
#
# [*configure_apache*]
# (Optional) Whether apache is configured via puppet or not.
# Defaults to lookup('configure_apache', undef, undef, true)
#
class tripleo::profile::base::designate::api (
$step = Integer(lookup('step')),
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$designate_network = lookup('designate_api_network', undef, undef, undef),
$listen_ip = undef,
$listen_port = undef,
$configure_apache = lookup('configure_apache', undef, undef, true),
) {
include tripleo::profile::base::designate
include tripleo::profile::base::designate::authtoken
if $enable_internal_tls {
if !$designate_network {
fail('designate_api_network is not set in the hieradata.')
}
$tls_certfile = $certificates_specs["httpd-${designate_network}"]['service_certificate']
$tls_keyfile = $certificates_specs["httpd-${designate_network}"]['service_key']
} else {
$tls_certfile = undef
$tls_keyfile = undef
}
if ($step >= 3) {
# TODO: remove once the tripleo heat template changes merge
if $listen_ip and $listen_port {
$listen_uri = normalize_ip_for_uri($listen_ip)
class { 'designate::api':
listen => "${listen_uri}:${listen_port}"
}
} else {
if $configure_apache {
include tripleo::profile::base::apache
class { 'designate::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile
}
}
include designate::api
}
include designate::healthcheck
}
}


@ -1,84 +0,0 @@
# Copyright 2020 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::designate::authtoken
#
# Designate authtoken profile for TripleO
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*memcached_hosts*]
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
# Defaults to lookup('memcached_node_names', undef, undef, [])
#
# [*memcached_port*]
# (Optional) Memcached port to use.
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
#
# [*memcached_ipv6*]
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
# Defaults to lookup('memcached_ipv6', undef, undef, false)
#
# [*security_strategy*]
# (Optional) Memcached (authtoken) security strategy.
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
#
# [*secret_key*]
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
# The key is hashed with a salt, to isolate services.
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
#
# DEPRECATED PARAMETERS
#
# [*memcached_ips*]
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
# Defaults to undef
#
class tripleo::profile::base::designate::authtoken (
$step = Integer(lookup('step')),
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
# DEPRECATED PARAMETERS
$memcached_ips = undef
) {
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
if $step >= 3 {
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
} else {
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
}
if $secret_key {
$hashed_secret_key = sha256("${secret_key}+designate")
} else {
$hashed_secret_key = undef
}
class { 'designate::keystone::authtoken':
memcached_servers => $memcache_servers,
memcache_security_strategy => $security_strategy,
memcache_secret_key => $hashed_secret_key,
}
}
}


@ -1,43 +0,0 @@
# Copyright 2021 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::designate::backend
#
# Designate backend profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*backend*]
# (Optional) Specify a backend used.
# Defaults to lookup('designate_backend', undef, undef, 'bind9'),
#
class tripleo::profile::base::designate::backend (
$step = Integer(lookup('step')),
$backend = lookup('designate_backend', undef, undef, 'bind9'),
) {
if $step >= 4 {
if $backend == 'bind9' {
class{ 'designate::backend::bind9':
configure_bind => false
}
} else {
fail("${backend} is not supported by designate")
}
}
}


@ -1,63 +0,0 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::designate::central
#
# Designate Central profile for tripleo
#
# === Parameters
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to lookup('designate_central_short_bootstrap_node_name', undef, undef, undef)
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# DEPRECATED PARAMETERS
#
# [*pools_file_content*]
# (Optional) The content of /etc/designate/pools.yaml
# Defaults to the content of templates/designate/pools.yaml.erb
#
class tripleo::profile::base::designate::central (
$bootstrap_node = lookup('designate_central_short_bootstrap_node_name', undef, undef, undef),
$step = Integer(lookup('step')),
# DEPRECATED PARAMETERS
$pools_file_content = undef,
) {
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
$sync_db = false
}
if $pools_file_content {
warning('pool file content is no longer manually configurable')
}
include tripleo::profile::base::designate
include tripleo::profile::base::designate::coordination
if ($step >= 4 or ($step >= 3 and $sync_db)) {
class { 'designate::db':
sync_db => $sync_db,
}
include designate::central
include designate::quota
include designate::network_api::neutron
}
}


@ -1,57 +0,0 @@
# Copyright 2022 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::designate::coordination
#
# Designate Coordination profile for tripleo for setting coordination/redis
# related configuration.
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*designate_redis_password*]
# (Optional) Password for the neutron redis user for the coordination url
# Defaults to lookup('designate_redis_password', undef, undef, undef),
#
# [*redis_vip*]
# (Optional) Redis ip address for the coordination url
# Defaults to lookup('redis_vip', undef, undef, undef),
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
class tripleo::profile::base::designate::coordination (
$step = Integer(lookup('step')),
$designate_redis_password = lookup('designate_redis_password', undef, undef, undef),
$redis_vip = lookup('redis_vip', undef, undef, undef),
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
) {
if $step >= 4 {
if $redis_vip {
if $enable_internal_tls {
$tls_query_param = '?ssl=true'
} else {
$tls_query_param = ''
}
class { 'designate::coordination':
backend_url => join(['redis://:', $designate_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param])
}
}
}
}


@ -1,33 +0,0 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::designate::mdns
#
# Designate MiniDNS profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::designate::mdns (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::designate
if $step >= 4 {
include designate::mdns
}
}


@ -1,40 +0,0 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::designate::producer
#
# Designate Producer profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::designate::producer (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::designate
include tripleo::profile::base::designate::coordination
if $step >= 4 {
include designate::producer
include designate::producer_task::delayed_notify
include designate::producer_task::periodic_exists
include designate::producer_task::periodic_secondary_refresh
include designate::producer_task::worker_periodic_recovery
include designate::producer_task::zone_purge
}
}


@ -1,33 +0,0 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::designate::sink
#
# Designate Sink profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::designate::sink (
$step = Integer(lookup('step')),
) {
include tripleo::profile::base::designate
if $step >= 4 {
include designate::sink
}
}


@ -1,45 +0,0 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::designate::worker
#
# Designate Worker profile for tripleo
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# DEPRECATED PARAMETERS
#
# [*rndc_key*]
# (Optional) The base64-encoded key secret for /etc/rndc.key.
# Defaults to lookup('designate_rndc_key', undef, undef, false)
#
class tripleo::profile::base::designate::worker (
$step = Integer(lookup('step')),
# DEPRECATED PARAMETERS
$rndc_key = lookup('designate_rndc_key', undef, undef, false),
) {
include tripleo::profile::base::designate
if $step >= 4 {
if $rndc_key {
warning('Configuring rndc keys through puppet has been deprecated')
}
include designate::worker
}
}


@ -1,98 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::etcd
#
# etcd profile for tripleo
#
# === Parameters
#
# [*bind_ip*]
# (optional) IP to bind etcd service to.
# Defaults to '127.0.0.1'.
#
# [*client_port*]
# (optional) etcd client listening port.
# Defaults to '2379'.
#
# [*peer_port*]
# (optional) etcd peer listening port.
# Defaults to '2380'.
#
# [*nodes*]
# (Optional) Array of host(s) for etcd nodes.
# Defaults to lookup('etcd_node_ips', undef, undef, []).
#
# [*certificate_specs*]
# (Optional) The specifications to give to certmonger for the certificate
# it will create. Note that the certificate nickname must be 'etcd' in
# the case of this service.
# Example with hiera:
# tripleo::profile::base::etcd::certificate_specs:
# hostname: <overcloud controller fqdn>
# service_certificate: <service certificate path>
# service_key: <service key path>
# principal: "etcd/<overcloud controller fqdn>"
# Defaults to {}.
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::etcd (
$bind_ip = '127.0.0.1',
$client_port = '2379',
$peer_port = '2380',
$nodes = lookup('etcd_node_names', undef, undef, []),
$certificate_specs = {},
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$step = Integer(lookup('step')),
) {
validate_legacy(Hash, 'validate_hash', $certificate_specs)
if $enable_internal_tls {
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
$protocol = 'https'
} else {
$tls_certfile = undef
$tls_keyfile = undef
$protocol = 'http'
}
if $step >= 2 {
$bind_ip_normalized = normalize_ip_for_uri($bind_ip)
class {'etcd':
listen_client_urls => "${protocol}://${bind_ip_normalized}:${client_port}",
advertise_client_urls => "${protocol}://${bind_ip_normalized}:${client_port}",
listen_peer_urls => "${protocol}://${bind_ip_normalized}:${peer_port}",
initial_advertise_peer_urls => "${protocol}://${bind_ip_normalized}:${peer_port}",
initial_cluster => regsubst($nodes, '.+', "\\0=${protocol}://\\0:${peer_port}"),
proxy => 'off',
cert_file => $tls_certfile,
key_file => $tls_keyfile,
client_cert_auth => $enable_internal_tls,
peer_cert_file => $tls_certfile,
peer_key_file => $tls_keyfile,
peer_client_cert_auth => $enable_internal_tls,
}
}
}


@ -1,317 +0,0 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::glance::api
#
# Glance API profile for tripleo
#
# === Parameters
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to lookup('glance_api_short_bootstrap_node_name', undef, undef, undef)
#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
# Example with hiera:
# apache_certificates_specs:
# httpd-internal_api:
# hostname: <overcloud controller fqdn>
# service_certificate: <service certificate path>
# service_key: <service key path>
# principal: "haproxy/<overcloud controller fqdn>"
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to lookup('enable_internal_tls', undef, undef, false)
#
# [*glance_backend*]
# (Optional) Default glance backend type.
# Defaults to downcase(lookup('glance_backend', undef, undef, 'swift'))
#
# [*glance_backend_id*]
# (Optional) Default glance backend identifier.
# Defaults to 'default_backend'
#
# [*glance_network*]
# (Optional) The network name where the glance endpoint is listening on.
# This is set by t-h-t.
# Defaults to lookup('glance_api_network', undef, undef, undef)
#
# [*bind_port*]
# (optional) The port the server should bind to.
# Default: 9292
#
# [*log_dir*]
# (Optional) Directory where logs should be stored.
# If set to $::os_service_default, it will not log to any directory.
# Defaults to '/var/log/glance'.
#
# [*log_file*]
# (Optional) File where logs should be stored.
# If set to $::os_service_default, it will not log to any file.
# Defaults to '/var/log/glance/api.log'.
#
# [*show_image_direct_url*]
# (optional) Expose image location to trusted clients.
# Defaults to false
#
# [*show_multiple_locations*]
# (optional) Whether to include the backend image locations in image
# properties.
# Defaults to false
#
# [*multistore_config*]
# (Optional) Hash of settings for configuring additional glance-api backends.
# Defaults to {}
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*oslomsg_rpc_proto*]
# Protocol driver for the oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_rpc_hosts*]
# list of the oslo messaging rpc host fqdns
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
#
# [*oslomsg_rpc_port*]
# IP port for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
#
# [*oslomsg_rpc_username*]
# Username for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
#
# [*oslomsg_rpc_password*]
# Password for oslo messaging rpc service
# Defaults to lookup('oslo_messaging_rpc_password')
#
# [*oslomsg_rpc_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
#
# [*oslomsg_notify_proto*]
# Protocol driver for the oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
#
# [*oslomsg_notify_hosts*]
# list of the oslo messaging notify host fqdns
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
#
# [*oslomsg_notify_port*]
# IP port for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
#
# [*oslomsg_notify_username*]
# Username for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
#
# [*oslomsg_notify_password*]
# Password for oslo messaging notify service
# Defaults to lookup('oslo_messaging_notify_password')
#
# [*oslomsg_notify_use_ssl*]
# Enable ssl oslo messaging services
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
#
# [*tls_proxy_bind_ip*]
# IP on which the TLS proxy will listen on. Required only if
# enable_internal_tls is set.
# Defaults to undef
#
# [*tls_proxy_fqdn*]
# fqdn on which the tls proxy will listen on. required only used if
# enable_internal_tls is set.
# defaults to undef
#
# [*tls_proxy_port*]
# port on which the tls proxy will listen on. Only used if
# enable_internal_tls is set.
# defaults to 9292
#
# [*glance_enable_db_purge*]
# (optional) Whether to enable db purging
# defaults to true
#
# [*glance_enable_cache*]
# (optional) Whether to enable caching
# defaults to false
#
# [*configure_apache*]
# (Optional) Whether apache is configured via puppet or not.
# Defaults to lookup('configure_apache', undef, undef, true)
#
# DEPRECATED PARAMETERS
#
# [*glance_rbd_client_name*]
# (optional) Deprecated. RBD client name
# Defaults to undef
#
class tripleo::profile::base::glance::api (
$bootstrap_node = lookup('glance_api_short_bootstrap_node_name', undef, undef, undef),
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
$glance_backend = downcase(lookup('glance_backend', undef, undef, 'swift')),
$glance_backend_id = 'default_backend',
$glance_network = lookup('glance_api_network', undef, undef, undef),
$bind_port = 9292,
$log_dir = '/var/log/glance',
$log_file = '/var/log/glance/api.log',
$show_image_direct_url = false,
$show_multiple_locations = false,
$multistore_config = {},
$step = Integer(lookup('step')),
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
$tls_proxy_bind_ip = undef,
$tls_proxy_fqdn = undef,
$tls_proxy_port = 9292,
$glance_enable_db_purge = true,
$glance_enable_cache = false,
$configure_apache = lookup('configure_apache', undef, undef, true),
# DEPRECATED PARAMETERS
$glance_rbd_client_name = undef,
) {
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
$sync_db = false
}
include tripleo::profile::base::glance::authtoken
if $step >= 4 or ($step >= 3 and $sync_db) {
if $enable_internal_tls {
if !$glance_network {
fail('glance_api_network is not set in the hieradata.')
}
if !$tls_proxy_bind_ip {
fail('glance_api_tls_proxy_bind_ip is not set in the hieradata.')
}
if !$tls_proxy_fqdn {
fail('tls_proxy_fqdn is required if internal TLS is enabled.')
}
$tls_certfile = $certificates_specs["httpd-${glance_network}"]['service_certificate']
$tls_keyfile = $certificates_specs["httpd-${glance_network}"]['service_key']
if $configure_apache {
tripleo::tls_proxy { 'glance-api':
servername => $tls_proxy_fqdn,
ip => $tls_proxy_bind_ip,
port => $tls_proxy_port,
tls_cert => $tls_certfile,
tls_key => $tls_keyfile,
notify => Class['glance::api'],
}
include tripleo::profile::base::apache
}
}
$multistore_backends = $multistore_config.map |$backend_config| {
unless has_key($backend_config[1], 'GlanceBackend') {
fail("multistore_config '${backend_config[0]}' does not specify a glance_backend.")
}
"${backend_config[0]}:${backend_config[1]['GlanceBackend']}"
}
$enabled_backends = ["${glance_backend_id}:${glance_backend}"] + $multistore_backends
include glance
include glance::config
include glance::healthcheck
include glance::api::db
class { 'glance::api::logging':
log_dir => $log_dir,
log_file => $log_file,
}
class { 'glance::api':
bind_port => $bind_port,
enabled_backends => $enabled_backends,
default_backend => $glance_backend_id,
show_image_direct_url => $show_image_direct_url,
show_multiple_locations => $show_multiple_locations,
sync_db => $sync_db,
}
include glance::key_manager
include glance::key_manager::barbican
['cinder', 'file', 'rbd', 'swift'].each |String $backend_type| {
# Generate a list of backend names for a given backend type
$backend_names = $enabled_backends.reduce([]) |$accum, String $backend| {
$backend_info = $backend.split(':')
if $backend_info[1] == $backend_type {
$accum << $backend_info[0]
} else {
$accum
}
}
unless empty($backend_names) {
class { "tripleo::profile::base::glance::backend::${backend_type}":
backend_names => $backend_names,
multistore_config => $multistore_config,
}
}
}
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
class { 'glance::notify::rabbitmq' :
default_transport_url => os_transport_url({
'transport' => $oslomsg_rpc_proto,
'hosts' => $oslomsg_rpc_hosts,
'port' => $oslomsg_rpc_port,
'username' => $oslomsg_rpc_username,
'password' => $oslomsg_rpc_password,
'ssl' => $oslomsg_rpc_use_ssl_real,
}),
notification_transport_url => os_transport_url({
'transport' => $oslomsg_notify_proto,
'hosts' => $oslomsg_notify_hosts,
'port' => $oslomsg_notify_port,
'username' => $oslomsg_notify_username,
'password' => $oslomsg_notify_password,
'ssl' => $oslomsg_notify_use_ssl_real,
}),
}
}
if $step >= 5 {
if $glance_enable_db_purge {
include glance::cron::db_purge
}
if $glance_enable_cache {
include glance::cache::cleaner
include glance::cache::pruner
}
}
}


@ -1,84 +0,0 @@
# Copyright 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::glance::authtoken
#
# Glance authtoken profile for TripleO
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
# [*memcached_hosts*]
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
# Defaults to lookup('memcached_node_names', undef, undef, [])
#
# [*memcached_port*]
# (Optional) Memcached port to use.
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
#
# [*memcached_ipv6*]
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
# Defaults to lookup('memcached_ipv6', undef, undef, false)
#
# [*security_strategy*]
# (Optional) Memcached (authtoken) security strategy.
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
#
# [*secret_key*]
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
# The key is hashed with a salt, to isolate services.
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
#
# DEPRECATED PARAMETERS
#
# [*memcached_ips*]
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
# Defaults to undef
#
class tripleo::profile::base::glance::authtoken (
$step = Integer(lookup('step')),
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
# DEPRECATED PARAMETERS
$memcached_ips = undef
) {
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
if $step >= 3 {
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
} else {
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
}
if $secret_key {
$hashed_secret_key = sha256("${secret_key}+glance")
} else {
$hashed_secret_key = undef
}
class { 'glance::api::authtoken':
memcached_servers => $memcache_servers,
memcache_security_strategy => $security_strategy,
memcache_secret_key => $hashed_secret_key,
}
}
}


@ -1,146 +0,0 @@
# Copyright 2020 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::glance::backend::cinder
#
# Glance API cinder backend configuration for tripleo
#
# === Parameters
#
# [*backend_names*]
# Array of cinder store backend names.
#
# [*multistore_config*]
# (Optional) Hash containing multistore data for configuring multiple backends.
# Defaults to {}
#
# [*cinder_ca_certificates_file*]
# (Optional) Location of ca certificate file to use for cinder client requests.
# Defaults to lookup('glance::backend::cinder::cinder_ca_certificates_file', undef, undef, undef).
#
# [*cinder_api_insecure*]
# (Optional) Allow to perform insecure SSL requests to cinder.
# Defaults to lookup('glance::backend::cinder::cinder_api_insecure', undef, undef, undef).
#
# [*cinder_catalog_info*]
# (Optional) Info to match when looking for cinder in the service catalog.
# Defaults to lookup('glance::backend::cinder::cinder_catalog_info', undef, undef, undef).
#
# [*cinder_endpoint_template*]
# (Optional) Override service catalog lookup with template for cinder endpoint.
# Defaults to lookup('glance::backend::cinder::cinder_endpoint_template', undef, undef, undef).
#
# [*cinder_http_retries*]
# (Optional) Number of cinderclient retries on failed http calls.
# Defaults to lookup('glance::backend::cinder::cinder_http_retries', undef, undef, undef).
#
# [*cinder_store_auth_address*]
# (Optional) A valid authentication service address.
# Defaults to lookup('glance::backend::cinder::cinder_store_auth_address', undef, undef, undef).
#
# [*cinder_store_project_name*]
# (Optional) Project name where the image volume is stored in cinder.
# Defaults to lookup('glance::backend::cinder::cinder_store_project_name', undef, undef, undef).
#
# [*cinder_store_user_name*]
# (Optional) User name to authenticate against cinder.
# Defaults to lookup('glance::backend::cinder::cinder_store_user_name', undef, undef, undef)
#
# [*cinder_store_password*]
# (Optional) A valid password for the user specified by `cinder_store_user_name'
# Defaults to lookup('glance::backend::cinder::cinder_store_password', undef, undef, undef)
#
# [*cinder_os_region_name*]
# (optional) Sets the keystone region to use.
# Defaults to lookup('glance::backend::cinder::cinder_os_region_name', undef, undef, undef)
#
# [*cinder_enforce_multipath*]
# (Optional) Set to True when multipathd is enabled
# Defaults to lookup('glance::backend::cinder::cinder_enforce_multipath', undef, undef, undef)
#
# [*cinder_use_multipath*]
# (Optional) Set to True when multipathd is enabled
# Defaults to lookup('glance::backend::cinder::cinder_use_multipath', undef, undef, undef)
#
# [*cinder_mount_point_base*]
# (Optional) Directory where the NFS volume is mounted on the glance node.
# Defaults to lookup('glance::backend::cinder::cinder_mount_point_base', undef, undef, undef)
#
# [*cinder_volume_type*]
# (Optional) The volume type to be used to create image volumes in cinder.
# Defaults to lookup('glance::backend::cinder::cinder_volume_type', undef, undef, undef)
#
# [*store_description*]
# (Optional) Provides constructive information about the store backend to
# end users.
# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'Cinder store').
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::glance::backend::cinder (
$backend_names,
$multistore_config = {},
$cinder_ca_certificates_file = lookup('glance::backend::cinder::cinder_ca_certificates_file', undef, undef, undef),
$cinder_api_insecure = lookup('glance::backend::cinder::cinder_api_insecure', undef, undef, undef),
$cinder_catalog_info = lookup('glance::backend::cinder::cinder_catalog_info', undef, undef, undef),
$cinder_endpoint_template = lookup('glance::backend::cinder::cinder_endpoint_template', undef, undef, undef),
$cinder_http_retries = lookup('glance::backend::cinder::cinder_http_retries', undef, undef, undef),
$cinder_store_auth_address = lookup('glance::backend::cinder::cinder_store_auth_address', undef, undef, undef),
$cinder_store_project_name = lookup('glance::backend::cinder::cinder_store_project_name', undef, undef, undef),
$cinder_store_user_name = lookup('glance::backend::cinder::cinder_store_user_name', undef, undef, undef),
$cinder_store_password = lookup('glance::backend::cinder::cinder_store_password', undef, undef, undef),
$cinder_os_region_name = lookup('glance::backend::cinder::cinder_os_region_name', undef, undef, undef),
$cinder_enforce_multipath = lookup('glance::backend::cinder::cinder_enforce_multipath', undef, undef, undef),
$cinder_use_multipath = lookup('glance::backend::cinder::cinder_use_multipath', undef, undef, undef),
$cinder_mount_point_base = lookup('glance::backend::cinder::cinder_mount_point_base', undef, undef, undef),
$cinder_volume_type = lookup('glance::backend::cinder::cinder_volume_type', undef, undef, undef),
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'Cinder store'),
$step = Integer(lookup('step')),
) {
if $step >= 4 {
$backend_names.each |String $backend_name| {
$backend_config = pick($multistore_config[$backend_name], {})
$store_description_real = pick($backend_config['GlanceStoreDescription'], $store_description)
if $backend_config['GlanceCinderVolumeType'] {
$cinder_volume_type_real = $backend_config['GlanceCinderVolumeType']
} else {
$cinder_volume_type_real = $cinder_volume_type
}
create_resources('glance::backend::multistore::cinder', { $backend_name => delete_undef_values({
'cinder_api_insecure' => $cinder_api_insecure,
'cinder_catalog_info' => $cinder_catalog_info,
'cinder_http_retries' => $cinder_http_retries,
'cinder_endpoint_template' => $cinder_endpoint_template,
'cinder_ca_certificates_file' => $cinder_ca_certificates_file,
'cinder_store_auth_address' => $cinder_store_auth_address,
'cinder_store_project_name' => $cinder_store_project_name,
'cinder_store_user_name' => $cinder_store_user_name,
'cinder_store_password' => $cinder_store_password,
'cinder_os_region_name' => $cinder_os_region_name,
'cinder_enforce_multipath' => $cinder_enforce_multipath,
'cinder_use_multipath' => $cinder_use_multipath,
'cinder_mount_point_base' => $cinder_mount_point_base,
'cinder_volume_type' => $cinder_volume_type_real,
'store_description' => $store_description_real,
})})
}
}
}


@ -1,71 +0,0 @@
# Copyright 2020 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::glance::backend::file
#
# Glance API file backend configuration for tripleo
#
# === Parameters
#
# [*backend_names*]
# Array of file store backend names.
#
# [*multistore_config*]
# (Optional) Hash containing multistore data for configuring multiple backends.
# Defaults to {}
#
# [*filesystem_store_datadir*]
# (Optional) Location where dist images are stored when the backend type is file.
# Defaults to lookup('glance::backend::file::filesystem_store_datadir', undef, undef, undef).
#
# [*filesystem_thin_provisioning*]
# (Optional) Boolean describing if thin provisioning is enabled or not
# Defaults to lookup('glance::backend::file::filesystem_thin_provisioning', undef, undef, undef).
#
# [*store_description*]
# (Optional) Provides constructive information about the store backend to
# end users.
# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'File store').
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::glance::backend::file (
$backend_names,
$multistore_config = {},
$filesystem_store_datadir = lookup('glance::backend::file::filesystem_store_datadir', undef, undef, undef),
$filesystem_thin_provisioning = lookup('glance::backend::file::filesystem_thin_provisioning', undef, undef, undef),
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'File store'),
$step = Integer(lookup('step')),
) {
if $backend_names.length() > 1 {
fail('Multiple file backends are not supported.')
}
if $step >= 4 {
$backend_name = $backend_names[0]
$multistore_description = pick($multistore_config[$backend_name], {})['GlanceStoreDescription']
$store_description_real = pick($multistore_description, $store_description)
create_resources('glance::backend::multistore::file', { $backend_name => delete_undef_values({
'filesystem_store_datadir' => $filesystem_store_datadir,
'filesystem_thin_provisioning' => $filesystem_thin_provisioning,
'store_description' => $store_description_real,
})})
}
}


@ -1,102 +0,0 @@
# Copyright 2020 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::glance::backend::rbd
#
# Glance API rbd backend configuration for tripleo
#
# === Parameters
#
# [*backend_names*]
# Array of rbd store backend names.
#
# [*multistore_config*]
# (Optional) Hash containing multistore data for configuring multiple backends.
# Defaults to {}
#
# [*rbd_store_ceph_conf*]
# (Optional) Ceph cluster config file.
# Defaults to lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf').
#
# [*rbd_store_user*]
# (Optional) Ceph client username.
# Defaults to lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack').
#
# [*rbd_store_pool*]
# (Optional) Ceph pool for storing images.
# Defaults to lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images').
#
# [*rbd_store_chunk_size*]
# (Optional) RBD chunk size.
# Defaults to lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef).
#
# [*rbd_thin_provisioning*]
# (Optional) Boolean describing if thin provisioning is enabled or not
# Defaults to lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef).
#
# [*rados_connect_timeout*]
# (Optional) RADOS connection timeout.
# Defaults to lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef).
#
# [*store_description*]
# (Optional) Provides constructive information about the store backend to
# end users.
# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store').
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to Integer(lookup('step'))
#
class tripleo::profile::base::glance::backend::rbd (
$backend_names,
$multistore_config = {},
$rbd_store_ceph_conf = lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'),
$rbd_store_user = lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'),
$rbd_store_pool = lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'),
$rbd_store_chunk_size = lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef),
$rbd_thin_provisioning = lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef),
$rados_connect_timeout = lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef),
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'),
$step = Integer(lookup('step')),
) {
if $step >= 4 {
$backend_names.each |String $backend_name| {
$backend_config = pick($multistore_config[$backend_name], {})
$rbd_store_user_real = pick($backend_config['CephClientUserName'], $rbd_store_user)
$rbd_store_pool_real = pick($backend_config['GlanceRbdPoolName'], $rbd_store_pool)
$store_description_real = pick($backend_config['GlanceStoreDescription'], $store_description)
$ceph_cluster_name = $backend_config['CephClusterName']
if $ceph_cluster_name {
$rbd_store_ceph_conf_real = "/etc/ceph/${ceph_cluster_name}.conf"
} else {
$rbd_store_ceph_conf_real = $rbd_store_ceph_conf
}
create_resources('glance::backend::multistore::rbd', { $backend_name => delete_undef_values({
'rbd_store_ceph_conf' => $rbd_store_ceph_conf_real,
'rbd_store_user' => $rbd_store_user_real,
'rbd_store_pool' => $rbd_store_pool_real,
'rbd_store_chunk_size' => $rbd_store_chunk_size,
'rbd_thin_provisioning' => $rbd_thin_provisioning,
'rados_connect_timeout' => $rados_connect_timeout,
'store_description' => $store_description_real,
})})
}
}
}
